923a199f9e75d8ef88daa5cf774fed8e4e1a86c203992b225121d4fae6046e6c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 21:06

Target

3ee1fb4ffd47c9e2a0b646e4238a1a6e_JaffaCakes118.dll
Size

172KB
MD5

3ee1fb4ffd47c9e2a0b646e4238a1a6e
SHA1

7497e4fc354e8baf4c92d0d68c97afc884af9ef1
SHA256

923a199f9e75d8ef88daa5cf774fed8e4e1a86c203992b225121d4fae6046e6c
SHA512

5da4e5b002a54cf8f48285a5031ed00cc5c73a260efc3a9aa6d70aa69cafbbbcfa0090f966156bac2da9c0abbb0ea9aab8a3c49a4f61d0f6845031c4590a512e
SSDEEP

3072:z77oqWC77oqWC77oqWC77oqWC77oqWC77oqWC77oqWC77oqWC7q:DrrrrrrrC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30
PID 2180 wrote to memory of 2072	2180	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ee1fb4ffd47c9e2a0b646e4238a1a6e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ee1fb4ffd47c9e2a0b646e4238a1a6e_JaffaCakes118.dll,#1
  2⤵
  PID:2072

memory/2072-0-0x0000000000710000-0x0000000000783000-memory.dmp

Filesize
460KB

Download
memory/2072-1-0x0000000000710000-0x0000000000783000-memory.dmp

Filesize
460KB

Download