2f849b15a40c8427fe606dc05d7b63665a133affd9338617b496ce1565b9a871

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 02:02

Target

5e9c49a29a7adb5ebc9d902f1dfdb43b_JaffaCakes118.dll
Size

6KB
MD5

5e9c49a29a7adb5ebc9d902f1dfdb43b
SHA1

494d28036b09651c2a30d9f8ef5c3f74fb1df01c
SHA256

2f849b15a40c8427fe606dc05d7b63665a133affd9338617b496ce1565b9a871
SHA512

fccb0ead2552df8ada05a78fccea0c0b3f5548a62e916c67e446978fe53dfa1f48e61fe97e467714a34e56a732964b6d5ac9629dd871c9a10bd48d76de7f3414
SSDEEP

96:eMlg7pPS1XfDJc0TKSJEbG1/A6nYe8PlJDb:Popqh9HTKQdhYe87P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30
PID 2184 wrote to memory of 1988	2184	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e9c49a29a7adb5ebc9d902f1dfdb43b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e9c49a29a7adb5ebc9d902f1dfdb43b_JaffaCakes118.dll,#1
  2⤵
  PID:1988

memory/1988-0-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download