944622fb2971d380955059af5f379c2525556d1a0b747dac73ea5cf0b9eb7e08

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 09:41

Target

670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll
Size

265KB
MD5

670f430cb84c8c5e12ba19f82befc434
SHA1

b45ad6adac2f8099dfc4731eddcf41e257d6c219
SHA256

944622fb2971d380955059af5f379c2525556d1a0b747dac73ea5cf0b9eb7e08
SHA512

402814b4bd7cfda4e1183ed9fa6279d7bc2f0dc3764f4039dceae9fb31c3cb3b84b7b92d7e19f16db97f71d07a173ae2e06f8a4d6d785db356fbf88b8421f2c2
SSDEEP

6144:byFKCz6hpn4G2+lKI6nCJ2uTEeX3OYHDsJC5yOTcJw3+ykFS2pddl0n4A0dhHZDO:byJc4F+llwuTEU3OYjyU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30
PID 2032 wrote to memory of 2096	2032	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll,#1
  2⤵
  PID:2096

memory/2096-0-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2096-3-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2096-2-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download
memory/2096-1-0x0000000000400000-0x00000000004BB000-memory.dmp

Filesize
748KB

Download