30ee7b1dcc1bace462632287dee04106d90eefa00f65d8cfb05f0eb227bd3f7c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 18:48

Target

3e7748a799dcde5a0720c1cfab5149e7_JaffaCakes118.dll
Size

100KB
MD5

3e7748a799dcde5a0720c1cfab5149e7
SHA1

59a35689c1d8b9f3b5540e5d7367820fb65721ec
SHA256

30ee7b1dcc1bace462632287dee04106d90eefa00f65d8cfb05f0eb227bd3f7c
SHA512

0fcb11a4a43c9738e62b670cc320a3707b2a834129328d0b7616909a6f37167f80f388e82875b68900208da52ad24e11e32e989307e303f3067ebcc3d7f142b3
SSDEEP

1536:voJmO9jqGvoMFo2mfM5CjPQ0fEMNVsAqcM7IjV6BTfAxKXaL:voJmO9GGg/lfjjIrtAqvQV6BTfWKX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30
PID 2400 wrote to memory of 3064	2400	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e7748a799dcde5a0720c1cfab5149e7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e7748a799dcde5a0720c1cfab5149e7_JaffaCakes118.dll,#1
  2⤵
  PID:3064

memory/3064-0-0x0000000010015000-0x0000000010028000-memory.dmp

Filesize
76KB

Download