f9bd6d0f72972202665903df0c3938bb16c71ea170430c87eb3a59c5182b30c9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 22:59

Target

605296dda53f243a8573a3061b63e3d3_JaffaCakes118.dll
Size

7KB
MD5

605296dda53f243a8573a3061b63e3d3
SHA1

538609156ceb484cbd89f2d22c16cfe0fd675a8d
SHA256

f9bd6d0f72972202665903df0c3938bb16c71ea170430c87eb3a59c5182b30c9
SHA512

0f445d4b346b6ce9028a2f45c7086694a7a6e93f14b44d4492e13e8ea4cd971d1e43d83166f216ca20e2f8f6ff747af24dd8850fd89befcd05b7963a05c3973f
SSDEEP

192:K+F2zMG9vfGCjBs5UIDpLkb9xkgUw9fuW:K+F+Btns/Op++

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30
PID 3064 wrote to memory of 2324	3064	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\605296dda53f243a8573a3061b63e3d3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\605296dda53f243a8573a3061b63e3d3_JaffaCakes118.dll,#1
  2⤵
  PID:2324

memory/2324-4-0x0000000010009000-0x000000001000A000-memory.dmp

Filesize
4KB

Download
memory/2324-3-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2324-2-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2324-1-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2324-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download