9b873df2823c7cd08e619c129246d3addac575db1960ffa245430fe179846c52

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:35

Target

48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll
Size

183KB
MD5

48d37f23910cdc8c92ae5c92f9fc6c2d
SHA1

4e03e1f9c7b373c3769bf48460e2e60a0d8ad247
SHA256

9b873df2823c7cd08e619c129246d3addac575db1960ffa245430fe179846c52
SHA512

91f5c94ff13ff6e4fc02a9f53e2602341398482a95fe279cae1f3bcc73647c666cf9ed4fb37aece4c86942adde95a7f975ea5562048e61941a49200fbb885ae9
SSDEEP

3072:B9f3bXYVm+1eRg0AoT+JGuy+zq8fflpwnYlnptV:B97Um+1eG0AoT6Guy+ff9pWYlnpt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29
PID 2056 wrote to memory of 3020	2056	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll,#1
  2⤵
  PID:3020

memory/3020-0-0x0000000000170000-0x00000000001AF000-memory.dmp

Filesize
252KB

Download
memory/3020-3-0x0000000040960000-0x0000000040971000-memory.dmp

Filesize
68KB

Download
memory/3020-2-0x0000000000160000-0x000000000019F000-memory.dmp

Filesize
252KB

Download
memory/3020-1-0x0000000000160000-0x000000000019F000-memory.dmp

Filesize
252KB

Download
memory/3020-4-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download