fffc868ce833c047c1ed2b36e7f59a946e7bfb54a6914a5a2580a0a8b48ebb0f

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 18:22

Target

4adbd1568cc6677490c52745e61ed26e_JaffaCakes118.dll
Size

36KB
MD5

4adbd1568cc6677490c52745e61ed26e
SHA1

0da9455cd1862eb1dc902dc8a9d1aa7541053bd6
SHA256

fffc868ce833c047c1ed2b36e7f59a946e7bfb54a6914a5a2580a0a8b48ebb0f
SHA512

d4555138e394252ee094856638758668d3df7ad2cc09a8466d77e4a4d66b76b97436a4fb073daf3729da42771bf1dea2e3a7473dd23afe6a925e1de0cace8e07
SSDEEP

768:1TKSc4sjrTlzdqGPQUgH+SgEU4Zqe6s1zCNdN:18V9RttgH+yoe6K2vN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31
PID 332 wrote to memory of 2340	332	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4adbd1568cc6677490c52745e61ed26e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4adbd1568cc6677490c52745e61ed26e_JaffaCakes118.dll,#1
  2⤵
  PID:2340

memory/2340-4-0x0000000000140000-0x0000000000147000-memory.dmp

Filesize
28KB

Download
memory/2340-3-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2340-2-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2340-1-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download
memory/2340-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download