2d2e9c8c291c0316917f4608e73a78bd9fef3df01fd3cd2895c375c871732439

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 10:53

Target

4978154c70bcec83aa3ef549118f8670_JaffaCakes118.dll
Size

173KB
MD5

4978154c70bcec83aa3ef549118f8670
SHA1

1bf929da9edcd0609d29051deec3ed61587bc7e9
SHA256

2d2e9c8c291c0316917f4608e73a78bd9fef3df01fd3cd2895c375c871732439
SHA512

50fca0158ad364aa983047cd8980c7274b7a2a2d505d06baf36439d8125a7b12ca743cc9e50f703af664f2130118db13c28666aa2b5e6c4117f02ae008c502ef
SSDEEP

3072:XeZeKyJbvN/dSqA2xReFURUdXE3eXuOfO1LJW4LTkyagDic9/baswYzL/m18pf:XeZby9N1SoeGCdXErAO1RLLWswYz3p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30
PID 2200 wrote to memory of 3068	2200	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4978154c70bcec83aa3ef549118f8670_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4978154c70bcec83aa3ef549118f8670_JaffaCakes118.dll,#1
  2⤵
  PID:3068

memory/3068-0-0x0000000000170000-0x0000000000187000-memory.dmp

Filesize
92KB

Download
memory/3068-1-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download