2e0876a236694377c4a9abb303887c51784877717f2adf1267b68f546daf37cc

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 05:57

Target

3c38b2e91cc58e554a36c373d3991b2f_JaffaCakes118.dll
Size

60KB
MD5

3c38b2e91cc58e554a36c373d3991b2f
SHA1

44c43e9d61d8ef587d8f005734809a6879188068
SHA256

2e0876a236694377c4a9abb303887c51784877717f2adf1267b68f546daf37cc
SHA512

88b64acff9053223a434b09dd44e13ce2175bfffee73f86ce26fd5801284dce72e340ac74b22049d4eb3f9fe7a384a91598a9bc7ffad7b2339910778c5dbb859
SSDEEP

768:MF36ihpP3/j1ZmU/kqMTVhLLvivsqNgYR64vhb36Wk:MF3dxL/bsqMTDYsq8ab4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30
PID 1656 wrote to memory of 1292	1656	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c38b2e91cc58e554a36c373d3991b2f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c38b2e91cc58e554a36c373d3991b2f_JaffaCakes118.dll,#1
  2⤵
  PID:1292

memory/1292-4-0x00000000001E8000-0x00000000001E9000-memory.dmp

Filesize
4KB

Download
memory/1292-3-0x00000000001D0000-0x00000000001F3000-memory.dmp

Filesize
140KB

Download
memory/1292-2-0x00000000000A0000-0x00000000000C3000-memory.dmp

Filesize
140KB

Download
memory/1292-1-0x00000000000A0000-0x00000000000C3000-memory.dmp

Filesize
140KB

Download
memory/1292-0-0x00000000000A0000-0x00000000000C3000-memory.dmp

Filesize
140KB

Download