2ec49256b14f16ea5e9d7cfe413e7a9ef8072a745aa031862b88bdaee7ba3e53

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:09

Target

5f80484e39f9137ad09effa9a66bde97_JaffaCakes118.dll
Size

41KB
MD5

5f80484e39f9137ad09effa9a66bde97
SHA1

31fbff0fd0beac218cc82ea2af4cc56bac488175
SHA256

2ec49256b14f16ea5e9d7cfe413e7a9ef8072a745aa031862b88bdaee7ba3e53
SHA512

6c9c62ce889e03943070ac0ad46433ace126d87cd77632bf458967be702fbf944c4612c6aa5cce5912bd29e0bf4392e77f62bd9914f18d535e6cce1e718cd853
SSDEEP

768:2vnelLFjLNe/qB46qsm6m68glmrSLHA3v45xWbJQ2MWAOzXv3uhN2:2feZFNepum6Lrv5xYQ2MGCE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30
PID 2572 wrote to memory of 2380	2572	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f80484e39f9137ad09effa9a66bde97_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f80484e39f9137ad09effa9a66bde97_JaffaCakes118.dll,#1
  2⤵
  PID:2380

memory/2380-1-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/2380-0-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/2380-6-0x0000000075394000-0x0000000075395000-memory.dmp

Filesize
4KB

Download
memory/2380-5-0x0000000077520000-0x0000000077521000-memory.dmp

Filesize
4KB

Download
memory/2380-4-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/2380-8-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/2380-10-0x0000000075380000-0x0000000075490000-memory.dmp

Filesize
1.1MB

Download
memory/2380-9-0x0000000000100000-0x000000000010E000-memory.dmp

Filesize
56KB

Download
memory/2380-3-0x0000000000170000-0x000000000017F000-memory.dmp

Filesize
60KB

Download
memory/2380-2-0x0000000000160000-0x0000000000168000-memory.dmp

Filesize
32KB

Download