b1efb4f995c24fb43478bfce8ac8d008fab42e49e44026dd93eff64970f3807b

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 18:39

Target

42e0868c182a032e2791d8120e6d3d47_JaffaCakes118.dll
Size

212KB
MD5

42e0868c182a032e2791d8120e6d3d47
SHA1

b4a0e566570e79916d14be6fd802460671a950dd
SHA256

b1efb4f995c24fb43478bfce8ac8d008fab42e49e44026dd93eff64970f3807b
SHA512

303f59f83a1b7e1072083b2e9de81d91c8aa4674d187d3169918296f5f3a6622d4eabac585b0ef95d12a3536166175e0bd5a4ded7f43f238e4b9e34df5936aa1
SSDEEP

3072:Yro9yzR8yKqtjJiyG5uoNZNPn62ZZzNKt4jA+jcmNrW65uxIoPNH3SAhMX1VP:Hyzy7qtjJiZNNntlA7Jsl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29
PID 2412 wrote to memory of 1736	2412	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42e0868c182a032e2791d8120e6d3d47_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42e0868c182a032e2791d8120e6d3d47_JaffaCakes118.dll,#1
  2⤵
  PID:1736

memory/1736-0-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download
memory/1736-2-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download
memory/1736-1-0x0000000010000000-0x0000000010038000-memory.dmp

Filesize
224KB

Download