4e5684309d05ea827ae18ddea49dc05efea76605bbd365ffc3a1c7f015362ff3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 05:17

Target

5a9bce48826a359f79875e092e13970f_JaffaCakes118.dll
Size

576KB
MD5

5a9bce48826a359f79875e092e13970f
SHA1

d355a82173c6a0df8a0716ce499182c1c3e4f33d
SHA256

4e5684309d05ea827ae18ddea49dc05efea76605bbd365ffc3a1c7f015362ff3
SHA512

4f0415d007091219bf10ea4b15fabd47b295ca309e4e500576d2f1030a78e27e691d081872203a9029239c527991cd0d96975b59b0ded9a0dc02462c0da904e3
SSDEEP

12288:L0pLJiXFUUgaUoZlf2Znmq78sKx5IHHgkeJPO1fP:wji1UdoZcZm5nyHgq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31
PID 2764 wrote to memory of 2788	2764	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9bce48826a359f79875e092e13970f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a9bce48826a359f79875e092e13970f_JaffaCakes118.dll,#1
  2⤵
  PID:2788

memory/2788-0-0x0000000000260000-0x00000000002E2000-memory.dmp

Filesize
520KB

Download