77a38887d90af1f7da52d5221bd25c27e185b18a0cff4a8dea6ce65928509339

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 14:20

Target

462f3898e806a41523eaed3cb93be070_JaffaCakes118.dll
Size

152KB
MD5

462f3898e806a41523eaed3cb93be070
SHA1

0b79f2012fba317cd97479fd04551d6c058e81e0
SHA256

77a38887d90af1f7da52d5221bd25c27e185b18a0cff4a8dea6ce65928509339
SHA512

cdd81c356bfc98e732c681a367da209f4a3676d4265313a708e6c9bbe1929a2d63d81df21a9dc27dd7fb8da6f0ac54b6de29d088f4daf7344305873708a28e72
SSDEEP

3072:HnECwuIJQCylOgK3BpeIFciV3jU4nEvlTaPxpg0Vi8KGLYoLX:HEGHIKIFc0N4kEc1nz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29
PID 2160 wrote to memory of 1772	2160	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\462f3898e806a41523eaed3cb93be070_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\462f3898e806a41523eaed3cb93be070_JaffaCakes118.dll,#1
  2⤵
  PID:1772

memory/1772-2-0x000000006D7B0000-0x000000006D7DA000-memory.dmp

Filesize
168KB

Download
memory/1772-1-0x000000006D7B0000-0x000000006D7DA000-memory.dmp

Filesize
168KB

Download
memory/1772-0-0x000000006D7B0000-0x000000006D7DA000-memory.dmp

Filesize
168KB

Download