f8178b0975c5c931e97df26fb5f09964521567d7c46e4a48b6479633de29a3c9

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 21:28

Target

3ac64cf16d46b9f5c898262ff492097e_JaffaCakes118.dll
Size

81KB
MD5

3ac64cf16d46b9f5c898262ff492097e
SHA1

c6f65f562d8f223d2e9bc0fbbdfd8b4fc311364c
SHA256

f8178b0975c5c931e97df26fb5f09964521567d7c46e4a48b6479633de29a3c9
SHA512

a2e0819dea380991433d1ddb9ed172827a62eaf9780a049f1423148595c82eab48c0ed13e5eee8d34a94fe8e371012cbc0583041b484e33f63dfff8d063162a1
SSDEEP

1536:Zr4dVzqJdgJhjJKSYxwB1wMY0PaGi5kAwiUv/Fnx0:ZEdVzq4/j5hOCCGGwiYFG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29
PID 2388 wrote to memory of 3068	2388	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ac64cf16d46b9f5c898262ff492097e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ac64cf16d46b9f5c898262ff492097e_JaffaCakes118.dll,#1
  2⤵
  PID:3068

memory/3068-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3068-3-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3068-2-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/3068-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download