e573db1b6d50b79193668c6a012c156de39564f063d4cce1cd8916cd344ac606

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 20:25

Target

3a98f311c9fddf5d66b1b2b034081737_JaffaCakes118.dll
Size

35KB
MD5

3a98f311c9fddf5d66b1b2b034081737
SHA1

ab35e31d75f9a890bf75f764fbbcd2db2b92055c
SHA256

e573db1b6d50b79193668c6a012c156de39564f063d4cce1cd8916cd344ac606
SHA512

84ebc88035bdbb93507c8950a0697ed724bb8545d46aadee6e973c8b46e894505e3428a8d9ef577c0b11cfd6711b0f6a4a5eeb7185d2b8d441baa17e4b7f6d29
SSDEEP

768:qgGMRHLcq3zpYDqgDuIhvrghslpAZ5pvKnzKOa:qg/H3zpYDq0uIhcObAZrvKGb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a98f311c9fddf5d66b1b2b034081737_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a98f311c9fddf5d66b1b2b034081737_JaffaCakes118.dll,#1
  2⤵
  PID:2408

memory/2408-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2408-4-0x0000000000170000-0x0000000000177000-memory.dmp

Filesize
28KB

Download
memory/2408-3-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2408-2-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2408-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download