7b786094de6c5e1524e0052056c202e3fa4ea00e86421b91160cc5c0a80a8aae

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 03:24

Target

4801a5dabeaba2444b955b7f8544fd1e_JaffaCakes118.dll
Size

56KB
MD5

4801a5dabeaba2444b955b7f8544fd1e
SHA1

027d7c5875dad61fc9c4d071aee979b19f54769f
SHA256

7b786094de6c5e1524e0052056c202e3fa4ea00e86421b91160cc5c0a80a8aae
SHA512

637f3838c83420dba2e82bd8f512f56f14715fce0780ce76bf137a5c9d11c4f6b35d6b80adad9a85d458397ff437a039f1d9fb28b43cbcc50821cd5def992d5f
SSDEEP

768:BN/qmKR2yeRXo97aAhp7o05n+VtuPjnNsBpszER:BN/rKRpMorNnBPS4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30
PID 2688 wrote to memory of 2692	2688	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4801a5dabeaba2444b955b7f8544fd1e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4801a5dabeaba2444b955b7f8544fd1e_JaffaCakes118.dll,#1
  2⤵
  PID:2692

memory/2692-0-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download
memory/2692-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download