316b260067475820e03fa752afc733049394d35d39dffc59db4f17e12b02fc7f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 08:56

Target

5b40b5a2cc13860edac533fcf4357e41_JaffaCakes118.dll
Size

10KB
MD5

5b40b5a2cc13860edac533fcf4357e41
SHA1

7bead2cf151c6be4d55715b573e7bb0e1cee3166
SHA256

316b260067475820e03fa752afc733049394d35d39dffc59db4f17e12b02fc7f
SHA512

9170bbd9651188ec76426ea9c1e4e2e2a77dcdf103fc19297c1568af25fcaf43573548c826ea6a19d0cc8653bca2f798970b2e6a1da51616fb1b347f5f2481e4
SSDEEP

192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w9wb:6dHad/N20IypWak8dWiWak8EdWx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30
PID 2088 wrote to memory of 2444	2088	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b40b5a2cc13860edac533fcf4357e41_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b40b5a2cc13860edac533fcf4357e41_JaffaCakes118.dll,#1
  2⤵
  PID:2444

memory/2444-0-0x000000006DD20000-0x000000006DD27000-memory.dmp

Filesize
28KB

Download