4314fb9e5ee643ebf4c88152ee22505c02f3f601d3bfb8cb38625983d5e7eb5f

Analysis

max time kernel
12s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 01:31

Target

659f5fb53d6166a856170854ffa3be57_JaffaCakes118.dll
Size

188KB
MD5

659f5fb53d6166a856170854ffa3be57
SHA1

cd538fea4f8e04bd010f75bc0d2e3c5d38775fef
SHA256

4314fb9e5ee643ebf4c88152ee22505c02f3f601d3bfb8cb38625983d5e7eb5f
SHA512

f2ed297a7dbf43cb34c2165d9b376c1a28d5ff1cb4998fd152360beb54e218096d472f5321807d7dfd62001ee48623a97f94266e7bd4dec15a5a652eec8d08e5
SSDEEP

3072:LECYZAQF7+/CgmBG+Vt2tqTBf8hCk+vhPmkCUcAPxl/ahISDRy4NFzCLFajBCQgh:zR/CgmjVoqTBkhvHBsPzahISDrt1Gow

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30
PID 2268 wrote to memory of 2372	2268	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\659f5fb53d6166a856170854ffa3be57_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\659f5fb53d6166a856170854ffa3be57_JaffaCakes118.dll,#1
  2⤵
  PID:2372

memory/2372-1-0x00000000752D0000-0x0000000075306000-memory.dmp

Filesize
216KB

Download
memory/2372-2-0x0000000075310000-0x0000000075346000-memory.dmp

Filesize
216KB

Download
memory/2372-0-0x0000000075310000-0x0000000075346000-memory.dmp

Filesize
216KB

Download
memory/2372-3-0x00000000752D0000-0x0000000075350000-memory.dmp

Filesize
512KB

Download