ace021785db548af69e911bc381ae1fdf8e17c75a2fae121b36e9136a972c19c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 03:39

Target

5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll
Size

94KB
MD5

5ee4a54b10516755e98b2d583bfcec8c
SHA1

5b9f43118c3151604e66a6c1c87f5e300ba5efc0
SHA256

ace021785db548af69e911bc381ae1fdf8e17c75a2fae121b36e9136a972c19c
SHA512

96f9ae91e23c81c6e9a81c6ef86fb850a3718e56f444e8aa0a97a68e1c2e2f972998de68cec9051ed488a2f359e4a15d16051f5ea571154d0fdf8df7ff6acf88
SSDEEP

1536:QNDv8h1CLfWQnjM2n0Wvu6lh8R/8aO2yZuqfk/HoHm9ZeJ6x8c44WTX5hXgfv:qYsLnAKfFbaO2NHvwi8cCX5Sv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30
PID 2568 wrote to memory of 2460	2568	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ee4a54b10516755e98b2d583bfcec8c_JaffaCakes118.dll,#1
  2⤵
  PID:2460

memory/2460-0-0x0000000013140000-0x00000000131B0000-memory.dmp

Filesize
448KB

Download
memory/2460-1-0x0000000013140000-0x00000000131B0000-memory.dmp

Filesize
448KB

Download