2419574b7992135220c4dc0b98195654cb46a90d1f41252b7ad914ae75319ac5

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 00:27

Target

3f7d2ed5439e998630aaf4f3a8f5dea5_JaffaCakes118.dll
Size

2.5MB
MD5

3f7d2ed5439e998630aaf4f3a8f5dea5
SHA1

6c048a291d6bf138a49c2454717c3bd61635570a
SHA256

2419574b7992135220c4dc0b98195654cb46a90d1f41252b7ad914ae75319ac5
SHA512

d9ab2df663d6f61c0eaa27c4ddd93f94fedb0f52e4de8524ae6824b7ce7c99b657ffae31e9a0a542b156ec767f9cfb8064fae27eafc42c4a52cbf011d50b7a2b
SSDEEP

49152:EJ2f3iRfX9/GZDCBywcLen7QD/7uxKILLE0:22fSR5UDjLe7QLOY0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30
PID 2096 wrote to memory of 2192	2096	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7d2ed5439e998630aaf4f3a8f5dea5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7d2ed5439e998630aaf4f3a8f5dea5_JaffaCakes118.dll,#1
  2⤵
  PID:2192

memory/2192-0-0x0000000020000000-0x0000000020008000-memory.dmp

Filesize
32KB

Download