d0eee02693b6e8607870284ec7bf3cc6785062260a65e1d742aae29fc107fc35

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 22:32

Target

4bb0a7f859cf1655cb57976de10ca539_JaffaCakes118.dll
Size

100KB
MD5

4bb0a7f859cf1655cb57976de10ca539
SHA1

9987b581201089e6517051654d22e825965a3e80
SHA256

d0eee02693b6e8607870284ec7bf3cc6785062260a65e1d742aae29fc107fc35
SHA512

0febe70d1a97bbc3b8677bb967b42feb4764c479ed05784e654430581aba3d98343f2d89b86611611f7b953dfbc4b60c8f4ceaffd4214424d33bd5e0b5a4ee51
SSDEEP

3072:6i8OWBS66krGFeIAK/omI4FVmItqEBKf1RHQFiyEux:6KfeGWAHVmeqeKd3ux

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31
PID 784 wrote to memory of 2320	784	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb0a7f859cf1655cb57976de10ca539_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bb0a7f859cf1655cb57976de10ca539_JaffaCakes118.dll,#1
  2⤵
  PID:2320

memory/2320-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2320-2-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/2320-1-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download