086ed6f8f57f367bc89f232436b5781ecfa38d75c182aa5b42ae41e0833b344a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 05:45

Target

5ab0fe76a0c7b3f5fdce852b64cbb08a_JaffaCakes118.dll
Size

61KB
MD5

5ab0fe76a0c7b3f5fdce852b64cbb08a
SHA1

a6a19f557a94d5ac92c96b09baa8cacdaf701804
SHA256

086ed6f8f57f367bc89f232436b5781ecfa38d75c182aa5b42ae41e0833b344a
SHA512

4de024769635f0fd00cbace29a51ce591398078d8dd0323c0a3000c4256f4500d59c0a04f18a014b0eb23579c4309d6533e3c5608f8bd930975947102dd41f58
SSDEEP

1536:3QxxFeNdEMM/yBI5VmO3TJ6FEVuASZuc91yXO2x:gsEMYjTJ69aOk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30
PID 2584 wrote to memory of 1604	2584	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab0fe76a0c7b3f5fdce852b64cbb08a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab0fe76a0c7b3f5fdce852b64cbb08a_JaffaCakes118.dll,#1
  2⤵
  PID:1604

memory/1604-0-0x0000000010000000-0x0000000010061000-memory.dmp

Filesize
388KB

Download