3a09ad32076743e2e38ac0ddaedaca8ea2f521010609ab5a21b06bdae1937692

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 01:44

Target

3b8bc779df07938c758ef33a9d2ba8d5_JaffaCakes118.dll
Size

230KB
MD5

3b8bc779df07938c758ef33a9d2ba8d5
SHA1

63752a750b360c8e79cdfed3e6de1199c2d73bad
SHA256

3a09ad32076743e2e38ac0ddaedaca8ea2f521010609ab5a21b06bdae1937692
SHA512

09b1869a6dc9f33f42d773971b25bc0b9f9eca61a9db7ed394fac8024209bf17716f7a3341bccce71545c8a9d37b49436255d5a235bf14e67f53979b90799b32
SSDEEP

6144:PjcC8oo/xf0E4s7sSiDMU39dmQY1tt+DWJgK:P4Zb/xf4ksSiwUtdmftQK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31
PID 996 wrote to memory of 780	996	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b8bc779df07938c758ef33a9d2ba8d5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b8bc779df07938c758ef33a9d2ba8d5_JaffaCakes118.dll,#1
  2⤵
  PID:780

memory/780-0-0x0000000010000000-0x00000000100A8000-memory.dmp

Filesize
672KB

Download
memory/780-2-0x00000000001D0000-0x0000000000208000-memory.dmp

Filesize
224KB

Download
memory/780-1-0x0000000010000000-0x00000000100A8000-memory.dmp

Filesize
672KB

Download