617f47820c8027525bc80a9ca808dd786ce927c9317e5309865524440db1483c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 08:22

Target

4d850db0b3b9ac835049e577fe8c3726_JaffaCakes118.dll
Size

757KB
MD5

4d850db0b3b9ac835049e577fe8c3726
SHA1

dbe864c1f970c6d8888db4fea75d32692ee5da76
SHA256

617f47820c8027525bc80a9ca808dd786ce927c9317e5309865524440db1483c
SHA512

3046ee2725de72e304a75e0b9713024dfbcd43594b9908db2a4fb71ba9f6d24afec69047ba080a00c3ea0260a44ada04a586d57e785fabe244ba7439e02e8a2c
SSDEEP

192:Kip0NZlArFaMe9YgkxKxhX9knMD0g7oHizWXegKFBd4opOPYBAYhpH75KnpNroY:B0PZkYz9knqGBEXOqz75KpSY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30
PID 1948 wrote to memory of 288	1948	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d850db0b3b9ac835049e577fe8c3726_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d850db0b3b9ac835049e577fe8c3726_JaffaCakes118.dll,#1
  2⤵
  PID:288

memory/288-0-0x0000000020000000-0x0000000020008000-memory.dmp

Filesize
32KB

Download