12b1437f7cc67ad5e618caeb9f7088ac410447a53780ec7c618f8905f9352511

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 04:04

Target

3becafac751eaa33a53c18b54c0365f4_JaffaCakes118.dll
Size

6KB
MD5

3becafac751eaa33a53c18b54c0365f4
SHA1

640f7b3ddf0a143052009388b720216c994b1ad9
SHA256

12b1437f7cc67ad5e618caeb9f7088ac410447a53780ec7c618f8905f9352511
SHA512

b40934d0f52edadf40df7c8df26d5b33c97ef4f8c384ec616895672b13231ae6b890ad320536585c9bc7d3dd0edd61f229f7c7eadd8ef30127ed92742d357aa0
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31
PID 1236 wrote to memory of 2420	1236	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3becafac751eaa33a53c18b54c0365f4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3becafac751eaa33a53c18b54c0365f4_JaffaCakes118.dll,#1
  2⤵
  PID:2420

memory/2420-0-0x00000000762F0000-0x00000000762F6000-memory.dmp

Filesize
24KB

Download