2d3151fcc0d5b3ddd6955d6c07904744a366b312f2e3ab26470e3862207489bb

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 10:38

Target

4df2f43474415985b2e90697ea2ddc38_JaffaCakes118.dll
Size

307KB
MD5

4df2f43474415985b2e90697ea2ddc38
SHA1

a357ac8db6885c2c16c6f238c53dc9105e484416
SHA256

2d3151fcc0d5b3ddd6955d6c07904744a366b312f2e3ab26470e3862207489bb
SHA512

78e04dedb9d0d6d0bc8b7c9c2f89bb485fe7a519c24014186f348e3ac53cdc9929448642dd8daf036e595c24bcabd53dcd92d214367aba05f838f5e988684b57
SSDEEP

6144:Yk4l2LPYeBGxT+xyQE3msdyjtVxRl8lUvkCxPCV6OVug:WMjh4i7E2sUjpCUvkCxPNxg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30
PID 2960 wrote to memory of 2248	2960	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df2f43474415985b2e90697ea2ddc38_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4df2f43474415985b2e90697ea2ddc38_JaffaCakes118.dll,#1
  2⤵
  PID:2248

memory/2248-1-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2248-4-0x0000000010000000-0x000000001009F000-memory.dmp

Filesize
636KB

Download
memory/2248-3-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2248-2-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download
memory/2248-0-0x0000000010000000-0x00000000100A0000-memory.dmp

Filesize
640KB

Download