fa2b86bf75c316ca27c8cfb13369eb5a3f7d3fd65f1e95c404c80edd36e7fb09

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 12:37

Target

49cf3adc8a9f886ab5609a224f015c21_JaffaCakes118.dll
Size

373KB
MD5

49cf3adc8a9f886ab5609a224f015c21
SHA1

692f3d7baf9072f02cc1375b577a0e18b48d69fa
SHA256

fa2b86bf75c316ca27c8cfb13369eb5a3f7d3fd65f1e95c404c80edd36e7fb09
SHA512

1a2a6dae3d78ce2f5932824485dce9eaaeaaae377a41147b9d0447ff91e1c66670bce512a75851db30a257e2db9e1309622b803ccda079021f535615f679a422
SSDEEP

6144:Vg4aHgbjTlIPt/bAIDStvX6g0TJdRd6IwYi5wMVfqRIQLaV:a4aCw/bAImtvX6g0E5wMVyqDV

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1044	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29
PID 580 wrote to memory of 1044	580	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49cf3adc8a9f886ab5609a224f015c21_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49cf3adc8a9f886ab5609a224f015c21_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1044

memory/1044-0-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download
memory/1044-2-0x0000000002270000-0x00000000022B0000-memory.dmp

Filesize
256KB

Download
memory/1044-1-0x0000000002270000-0x00000000022B0000-memory.dmp

Filesize
256KB

Download