b2dd29426216916027bbd5108971da8284c2d2f3915eadfcd0ad7fa38668a799

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 20:06

Target

5d79d862e8c5a0aeeeb653c1da38f845_JaffaCakes118.dll
Size

9KB
MD5

5d79d862e8c5a0aeeeb653c1da38f845
SHA1

0a82f1dc30f9d9d7db33bfd6f850a9330d99ce9d
SHA256

b2dd29426216916027bbd5108971da8284c2d2f3915eadfcd0ad7fa38668a799
SHA512

88f868f2d7baf1dcc488626b16b929c2f50568bad7e37789f040d8f2f75ebcf1596f1995a2ed9277d7e1e536228e5771b0ed26818ac33ef591d4533e584e4239
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34b:kuwEt8rsTUtPLzKNWSYWF4b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30
PID 1976 wrote to memory of 2412	1976	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d79d862e8c5a0aeeeb653c1da38f845_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d79d862e8c5a0aeeeb653c1da38f845_JaffaCakes118.dll,#1
  2⤵
  PID:2412

memory/2412-0-0x0000000076F90000-0x0000000076F97000-memory.dmp

Filesize
28KB

Download