da4767cd8fb0c15c9817c5eed7eb132fe0111a0be70b367bf5a26f40d327ef9d

Analysis

max time kernel
14s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 00:38

Target

6574240b5ccd06b1abb981af236c8ae1_JaffaCakes118.dll
Size

232KB
MD5

6574240b5ccd06b1abb981af236c8ae1
SHA1

5585067bf28b488a80840b90f8a35235bf9d16c8
SHA256

da4767cd8fb0c15c9817c5eed7eb132fe0111a0be70b367bf5a26f40d327ef9d
SHA512

5f9de66936228af0bf431ef6e9a7a543c2e71aa65d06f5f48c8c20493aad1c2cdc23fa6d02219e1bf611810ddcb322d4066cd5c3cb2649965088d84f2870fcdc
SSDEEP

6144:IQOAzLMcpSiV7ZXdWubpFE+1ejI5OEv/rj3M9zWPZL:08S21YudFE4rxn3Ey5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29
PID 2348 wrote to memory of 2972	2348	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6574240b5ccd06b1abb981af236c8ae1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6574240b5ccd06b1abb981af236c8ae1_JaffaCakes118.dll,#1
  2⤵
  PID:2972

memory/2972-0-0x00000000001E0000-0x0000000000218000-memory.dmp

Filesize
224KB

Download
memory/2972-1-0x00000000002E0000-0x0000000000331000-memory.dmp

Filesize
324KB

Download
memory/2972-5-0x00000000001E0000-0x0000000000218000-memory.dmp

Filesize
224KB

Download