074617b01841b67f12df1c9d9d7a99d7b70a496b49733ad0f7c41ceb716882c0

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 02:59

Target

4405253a1093d75938c553fef0da773a_JaffaCakes118.dll
Size

15KB
MD5

4405253a1093d75938c553fef0da773a
SHA1

147d1207e14c14c67620dbd9f13e506be430b070
SHA256

074617b01841b67f12df1c9d9d7a99d7b70a496b49733ad0f7c41ceb716882c0
SHA512

9e7986c3dc2f514ef9d975501e4185223d81a9bdb0af3c7d52c5324249f9a1eb52259dcfb0830019f7532a4c06e79c8359510bed5f846a078e065949dcf94ce7
SSDEEP

192:pY99MaNnFnGSx8u/kScd41ZHMQAkecqq3oDj8X520LmNZl9oomqWRUDnkr3NR:2993Iu/kScC19M9q40daN72NPGDnkLX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4405253a1093d75938c553fef0da773a_JaffaCakes118.dll,#1
  2⤵
  PID:2176

memory/2176-0-0x000000000B8B0000-0x000000000B8BC000-memory.dmp

Filesize
48KB

Download