113b7a97e6614955c8fb01f05891845fdd8deb6ce6c13b5f469262f84073d30a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 23:43

Target

3f570d6ce7d048fd23f18e7dc9b9bc08_JaffaCakes118.dll
Size

314KB
MD5

3f570d6ce7d048fd23f18e7dc9b9bc08
SHA1

d8e278ed8e79def42579e27ce1286782193758b8
SHA256

113b7a97e6614955c8fb01f05891845fdd8deb6ce6c13b5f469262f84073d30a
SHA512

d3ab4d4ff8af054268995f392014d4586a53dac86e9ebbf4b64ccca24b35ff7006c4557f2409654adc1354c5d7b002aef726418d4e18dcd8a7de09d00026083f
SSDEEP

6144:AGGSnH+QhxKheiRZIGEmNlNH/a25jv0PVyxyEqRzYzjBU2fr7Xn3q:AGDHZqhl2mnFR5j/3YzWBUEn3q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30
PID 2540 wrote to memory of 2408	2540	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f570d6ce7d048fd23f18e7dc9b9bc08_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f570d6ce7d048fd23f18e7dc9b9bc08_JaffaCakes118.dll,#1
  2⤵
  PID:2408

memory/2408-0-0x0000000000130000-0x0000000000135000-memory.dmp

Filesize
20KB

Download