f924c547aff9ad82b37d254e908af7bbab9e047e17d8fbb486d6216c0b4f3662

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 17:38

Target

3e430fa3523fc4b0fd315b4dd7b800be_JaffaCakes118.dll
Size

32KB
MD5

3e430fa3523fc4b0fd315b4dd7b800be
SHA1

daf7a0c5d7d625c34bc50de003041c04ea1f9618
SHA256

f924c547aff9ad82b37d254e908af7bbab9e047e17d8fbb486d6216c0b4f3662
SHA512

59729441b3cce2733b4718e5db687c4b1a5f413a8960ca9206a058609598ec7200c833b3f9a265986bd9def0ee7a2842331dac7f3345298ddff175847355ae85
SSDEEP

384:1o2f/tvzZuJL4YXGMMA3Rt5wC/MUMxiJVqTETPcVoMz5hSMlOW7t52+QE+:1oIlZuJTBRyxsWE7cV7z5hVlOWV+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30
PID 2380 wrote to memory of 1900	2380	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e430fa3523fc4b0fd315b4dd7b800be_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e430fa3523fc4b0fd315b4dd7b800be_JaffaCakes118.dll,#1
  2⤵
  PID:1900

memory/1900-3-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1900-2-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1900-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1900-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/1900-4-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download