ab0c627184f9d280177744f8b712ba358f401e34dadfa53101728a2b31f43c84

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 20:51

Target

3aaba7bb5036c1177c022684603c61b4_JaffaCakes118.dll
Size

309KB
MD5

3aaba7bb5036c1177c022684603c61b4
SHA1

b015ef645290f0a9370a0faf469e0f9c1735c429
SHA256

ab0c627184f9d280177744f8b712ba358f401e34dadfa53101728a2b31f43c84
SHA512

46f77a94d4016b0ccab8dc579d1bfbfb2fcb14b7dcecb489b0311c71ae7a5ad28c83ac91f137b3dd59c6b7f0d91d38f7152bd57325c7f5e24c5f897cea52b285
SSDEEP

6144:xg0ScMBhuWKcuKQckwmyU2jmZhGqFcWfa2W2lAUroDdWfZTxzDG:xghjBgW0KQcfU26ZTqWyNOHr2dkY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30
PID 2768 wrote to memory of 2780	2768	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aaba7bb5036c1177c022684603c61b4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3aaba7bb5036c1177c022684603c61b4_JaffaCakes118.dll,#1
  2⤵
  PID:2780

memory/2780-0-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download