0e489fcb91110754fac1bc1f80f9e1091c9983629bdb4348b926ce8e1232ae98

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 04:08

Target

3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll
Size

96KB
MD5

3bef39d4787d31bc2d198d71421a3909
SHA1

2debe058c9220341df80efab9f281d8f29153423
SHA256

0e489fcb91110754fac1bc1f80f9e1091c9983629bdb4348b926ce8e1232ae98
SHA512

a0325b2c171004b71876d9f9daa8e28d8f5e4613bbaafe2874106655aef6bbed8193618389c3cbef6b100e45a0d5d9e6708c93b29242d7867c9a1531de5ed46f
SSDEEP

3072:W44eYhg3IeJHxkJMH/wWipXKyihFABD4ypnu:b447jxKBD4yRu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30
PID 2152 wrote to memory of 3064	2152	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bef39d4787d31bc2d198d71421a3909_JaffaCakes118.dll,#1
  2⤵
  PID:3064

memory/3064-2-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/3064-3-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/3064-1-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download
memory/3064-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download