ee7028870073794f1ba3db406130621a5ca778668805b4b6308b68c67be9cb28

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 00:26

Target

476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll
Size

2.1MB
MD5

476f4d6d64a1bc94e23d65a08e0baaab
SHA1

e1fc9949ceddf488f60e0ee36c32b6518862de73
SHA256

ee7028870073794f1ba3db406130621a5ca778668805b4b6308b68c67be9cb28
SHA512

c1aaa969befe82e590149ba18c85b40fb39f3128ab4df6aa952da967e2ca4b5e6d0bb073a377d48606c9c84d29454d3eae76752de98cc2b9b8c2dca9ec724748
SSDEEP

24576:YDsmV1zzMTn+byEFtcjNtscfpFVp7pdNWJqk+m7WbMKwfq5P2wq9qHM4ZBjbTBlA:osmT47+7FiB+cfRWkkjY5qUHj1FhW8q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29
PID 1944 wrote to memory of 2036	1944	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll,#1
  2⤵
  PID:2036

memory/2036-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download