697fc7453127cc9da260d6f12d13f9a50c7f2c6446efd1f394be4655b8456ef2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 22:29

Target

470d737059bdc671b891347c0c1c54e4_JaffaCakes118.dll
Size

53KB
MD5

470d737059bdc671b891347c0c1c54e4
SHA1

74df0af8d2ea0d49dd0a72f8ca49bd749255cebb
SHA256

697fc7453127cc9da260d6f12d13f9a50c7f2c6446efd1f394be4655b8456ef2
SHA512

c218990040ece996b68a6e5e5db95d00db0b465d112fb5af2834e1925c6d1d87eea55158744de4946847acaefbc77f2bba67054f62f02651a906f03bb9943da3
SSDEEP

1536:2Iy1bJAfx0i2W2q75Z4dzRTNI4KZ8EJhu3xJ0L:2IMJAfx0i2Wf75+dzRTIqMu3x4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30
PID 2352 wrote to memory of 2096	2352	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\470d737059bdc671b891347c0c1c54e4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\470d737059bdc671b891347c0c1c54e4_JaffaCakes118.dll,#1
  2⤵
  PID:2096

memory/2096-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2096-4-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2096-3-0x0000000000426000-0x0000000000427000-memory.dmp

Filesize
4KB

Download
memory/2096-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2096-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download