44914a7852066874fd9485e36cedfe458cd316670a47ef6069e0dcf9c19cd66d

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 09:45

Target

3cdf499ab40c8d7d6ae378a7848fe32c_JaffaCakes118.dll
Size

37KB
MD5

3cdf499ab40c8d7d6ae378a7848fe32c
SHA1

795deae5be854cbad7eff2f7a036165e24cf574d
SHA256

44914a7852066874fd9485e36cedfe458cd316670a47ef6069e0dcf9c19cd66d
SHA512

02758f6073f55069ccd4ca36cdacd02038dd5e84793b5da86b6c6098479188d1d98aea4d067f288210cacd0171256c82177ce1352b00313ab37d381236eb23a2
SSDEEP

768:TRCAo+MK4xV90dAdPbN333mltV7yEmsl+xDTIS:VC5xV90dKF3y32E1l80

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31
PID 2176 wrote to memory of 3068	2176	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdf499ab40c8d7d6ae378a7848fe32c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdf499ab40c8d7d6ae378a7848fe32c_JaffaCakes118.dll,#1
  2⤵
  PID:3068

memory/3068-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/3068-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download