9369fe22435465015b4f93c57fb35b7bbe3276bb1a71007478748f0f54eacb36

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 13:42

Target

41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll
Size

288KB
MD5

41e98d39f067c426743a0990c9e2b358
SHA1

84d37f6258b10c4250a3b0a9b12bc1ad20374210
SHA256

9369fe22435465015b4f93c57fb35b7bbe3276bb1a71007478748f0f54eacb36
SHA512

4476543d1edd5da74c815fea3ec5a6cac5d0c022889142d96542927f0fc10aee16a4801c7dde20e10535c726e94a3ecd581c6f26582bd96b26fb04455da419e5
SSDEEP

6144:ZAKyoS/E8AI1ftqOwqzxLkYuhAkEyZhGW5FYu77TwLn7v1G21OW:4LEaftqHqzJo/EyZP77nwL7v1GHW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30
PID 2296 wrote to memory of 2376	2296	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41e98d39f067c426743a0990c9e2b358_JaffaCakes118.dll,#1
  2⤵
  PID:2376

memory/2376-0-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download
memory/2376-1-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download