ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 05:37

Target

4871648ef8b37504b19ff67283a2a658_JaffaCakes118.dll
Size

55KB
MD5

4871648ef8b37504b19ff67283a2a658
SHA1

3c935116d55e05be3126da7398e0e00264ac176e
SHA256

ca9d2560043605778fba91f71ec680a5f9e4f324b8425dcaf4096fb8961ad02d
SHA512

4deb6b97d87234f3ffd29bf7490728371285162fa2e7de579fca35dd37703a4380cf1f732c0ee8103969bd4a8602ae6a260d80cea5b7d310b939ebb7b3b248ac
SSDEEP

1536:FX/4isLma94WeamYtm8sJX456F2gKTg+W+LUo:lds394UmYtm3FWg+W+LU

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1916	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1612 wrote to memory of 1916	1612	rundll32.exe	30
PID 1916 wrote to memory of 1200	1916	rundll32.exe	21

memory/1200-1-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1916-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download