6b0aff94ab6eeff2b6aea8c5e2d7e2d9fd1161b1a29a04960957f420fa12d6f7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 12:44

Target

39293a514fa13ecd9479f4fd25e8b74c_JaffaCakes118.dll
Size

122KB
MD5

39293a514fa13ecd9479f4fd25e8b74c
SHA1

1642bb4145640099782643f30b0b1d89ae1a1e72
SHA256

6b0aff94ab6eeff2b6aea8c5e2d7e2d9fd1161b1a29a04960957f420fa12d6f7
SHA512

e1158a985034856fa8e6780f8ce62ba4d693782c418c2bb021d01f78ef72ff086fee6186997798f79273dc1cafb46026d0d785a75cc0276e68247fb6ed133467
SSDEEP

3072:zcKI9hjZCVWgkD+NotUzAHk2AdRKVJRD3GO:3SjZssDrCshAbKRD3GO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30
PID 2408 wrote to memory of 2936	2408	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39293a514fa13ecd9479f4fd25e8b74c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39293a514fa13ecd9479f4fd25e8b74c_JaffaCakes118.dll,#1
  2⤵
  PID:2936

memory/2936-1-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download
memory/2936-0-0x0000000010000000-0x0000000010045000-memory.dmp

Filesize
276KB

Download