e64c88022d2830721fd3b25bf4797ce36b8797f4bac065ac126d4fea3fc4bec1

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 07:46

Target

40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll
Size

160KB
MD5

40cd5facbbf867fe2ccbbda4f4e9fb79
SHA1

5cf98cdab5236d4c07bf953f23b4c74ad55c1505
SHA256

e64c88022d2830721fd3b25bf4797ce36b8797f4bac065ac126d4fea3fc4bec1
SHA512

96629850453c2e18bd97eca8b5159667299022e46c1fabd61f0ad8fa457bbe81d5808ac985e7e2a6251d32a6c3f0c4a4bf0e48bdd3f6bf60bbef1dfceb11b6ba
SSDEEP

3072:h+r2VLOM4fEvP/DU1p3uUNy1L/4hMay8bIsDZUCDoM3jgHtlqJNzO6a4KeaH5KR:h6fYjAp3fy1L/4hMay4IHqoUgHtlqbWl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40cd5facbbf867fe2ccbbda4f4e9fb79_JaffaCakes118.dll,#1
  2⤵
  PID:1636

memory/1636-2-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/1636-4-0x0000000010029000-0x000000001002A000-memory.dmp

Filesize
4KB

Download
memory/1636-1-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/1636-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/1636-3-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download