61986485a9bc032483eac8c70a4dbccd86d10e03b7418625640740ef4e436310

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:59

Target

622649cbc92e63843e21c1064eb0174c_JaffaCakes118.dll
Size

117KB
MD5

622649cbc92e63843e21c1064eb0174c
SHA1

9b690b1e0dd7310080978b6655953906c1a03fa3
SHA256

61986485a9bc032483eac8c70a4dbccd86d10e03b7418625640740ef4e436310
SHA512

c23e031112a367f9fa57a4f4b31dec3471b6036ad0e15598a6d827094d81e4195abca0b26b38176f6ff074d9fe1499be896c39ba7bc847bce8ab07b8710b4f83
SSDEEP

3072:QOLxGT8I3a02LQP26rRCUkv0xQoPy3MEDdOZlR35FJ0E1ZCOtPb+Czd:heRGQPXCUksxQo63MNxDbAOtz+Cz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\622649cbc92e63843e21c1064eb0174c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\622649cbc92e63843e21c1064eb0174c_JaffaCakes118.dll,#1
  2⤵
  PID:1796

memory/1796-1-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1796-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download