e8f06d5cb550af23c21948c1e79a5f142fb46cc13d8355d4a20f8b9110371e94

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 16:06

Target

39d2c75050a929ac6e9f6efd759fd7c6_JaffaCakes118.dll
Size

758KB
MD5

39d2c75050a929ac6e9f6efd759fd7c6
SHA1

1c15cbb7ebb46df50a742d029f492ae3ee3695e4
SHA256

e8f06d5cb550af23c21948c1e79a5f142fb46cc13d8355d4a20f8b9110371e94
SHA512

548de8877d9faaa09b2545b5bd7c5ddc1dcd6d5fe7d33e2b27eb6ec270c2a6e80f8b24695c4f62ad5f4cc9d157e80068f916b883dc4dfb08f15cd01c9b844165
SSDEEP

192:w7ClDrb3lHuC3smUVzgEKAxiILpLtFQOEvR3kiCgdgPpHcKXWXUbd+QbK6T:w7CZsC3sJXxi6N6dq9cKBbg6T

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30
PID 3008 wrote to memory of 2840	3008	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39d2c75050a929ac6e9f6efd759fd7c6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39d2c75050a929ac6e9f6efd759fd7c6_JaffaCakes118.dll,#1
  2⤵
  PID:2840

memory/2840-0-0x0000000020000000-0x0000000020009000-memory.dmp

Filesize
36KB

Download