e13021d06263fd2cc6ea757024e3dc707d031f219f01667836bba05f6b6800b7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-07-2024 13:06

Target

45f19f2c64b15d87d240a53f9a939678_JaffaCakes118.dll
Size

52KB
MD5

45f19f2c64b15d87d240a53f9a939678
SHA1

21fdb9fa9a1641ca14dc0ad28c860dcc5ee01df0
SHA256

e13021d06263fd2cc6ea757024e3dc707d031f219f01667836bba05f6b6800b7
SHA512

e3f004149e3b019f84058b351ff1d297ee2b1727e7f0767d07268f33e4d56f29684d22c3b0c581cb465f9583c28d9fa9ed40a3f1cb55790f8d8d57cb68b2236c
SSDEEP

768:nOMXq8O9SKwy3LA788EJwzlB5c/hbUJj4o9UPweZ:n1XtO9SK3kvlB5c/JUaoBe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31
PID 2960 wrote to memory of 1984	2960	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45f19f2c64b15d87d240a53f9a939678_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45f19f2c64b15d87d240a53f9a939678_JaffaCakes118.dll,#1
  2⤵
  PID:1984

memory/1984-0-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download