baad56eabc83db042dffadb7b576030db674f3f3602c23e935531974fbfdd6a7

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 12:25

Target

41a622cd03eec5123c9e170129d05821_JaffaCakes118.dll
Size

84KB
MD5

41a622cd03eec5123c9e170129d05821
SHA1

f70d5f9d68b4cb2491ec8a8616f4bb1e1a5800a6
SHA256

baad56eabc83db042dffadb7b576030db674f3f3602c23e935531974fbfdd6a7
SHA512

4e63296188a51aa5c6f469e8c90816a80412e3945a5d5772ef1361c412cc336aa7466ad9d02d3cc8067d7cff3d8ef394b697b373b964513c00f37b65c8453080
SSDEEP

1536:hMP4HoVWMFRxP4yxM0bwN//h42tVxYs1a7RAnx6x5uYkXnWe8zgsAy:hXHt2xQ0kNDVyoa7RAnx6x5unAgs

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	2768	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	2768	WerFault.exe	31

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2756 wrote to memory of 2768	2756	rundll32.exe	31
PID 2768 wrote to memory of 2712	2768	rundll32.exe	32
PID 2768 wrote to memory of 2712	2768	rundll32.exe	32
PID 2768 wrote to memory of 2712	2768	rundll32.exe	32
PID 2768 wrote to memory of 2712	2768	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a622cd03eec5123c9e170129d05821_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a622cd03eec5123c9e170129d05821_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 464
    3⤵
    - Program crash
    PID:2712

memory/2768-0-0x00000000006D0000-0x0000000000709000-memory.dmp

Filesize
228KB

Download
memory/2768-2-0x00000000006D0000-0x0000000000709000-memory.dmp

Filesize
228KB

Download