292a49e16b1499130d69a513421f607cf1dbf13a442dc68cf8578689447eca8f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 10:39

Target

19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll
Size

104KB
MD5

19d126e528c422aec7280cca54bd14c2
SHA1

1ce611d34fdd94723739294e65629cbafbf0a819
SHA256

292a49e16b1499130d69a513421f607cf1dbf13a442dc68cf8578689447eca8f
SHA512

a7c1a43165318dc1b347269ee0792cf7494cee788316de332af672b192fd8d263ae44f6378f9be22b6322cef0778a70cd002e9ad42582ef83bdabfd247136572
SSDEEP

3072:Yx73qAAdzsMEYQ5sdTtz1Eu93H3bOtCLu:qqAAdzOvEEwH3beCS

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

rundll32mgr.exe

pid process

2188 rundll32mgr.exe
Loads dropped DLL 9 IoCs

Processes:

rundll32.exeWerFault.exe

pid process

1636 rundll32.exe
1636 rundll32.exe
2712 WerFault.exe
2712 WerFault.exe
2712 WerFault.exe
2712 WerFault.exe
2712 WerFault.exe
2712 WerFault.exe
2712 WerFault.exe
Drops file in System32 directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\SysWOW64\rundll32mgr.exe rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2712 2188 WerFault.exe rundll32mgr.exe

pid	process
2188	rundll32mgr.exe

description	ioc	process
File created	C:\Windows\SysWOW64\rundll32mgr.exe	rundll32.exe

pid	pid_target	process	target process
2712	2188	WerFault.exe	rundll32mgr.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

rundll32.exerundll32.exerundll32mgr.exe

description	pid	process	target process
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 2208 wrote to memory of 1636	2208	rundll32.exe	rundll32.exe
PID 1636 wrote to memory of 2188	1636	rundll32.exe	rundll32mgr.exe
PID 1636 wrote to memory of 2188	1636	rundll32.exe	rundll32mgr.exe
PID 1636 wrote to memory of 2188	1636	rundll32.exe	rundll32mgr.exe
PID 1636 wrote to memory of 2188	1636	rundll32.exe	rundll32mgr.exe
PID 2188 wrote to memory of 2712	2188	rundll32mgr.exe	WerFault.exe
PID 2188 wrote to memory of 2712	2188	rundll32mgr.exe	WerFault.exe
PID 2188 wrote to memory of 2712	2188	rundll32mgr.exe	WerFault.exe
PID 2188 wrote to memory of 2712	2188	rundll32mgr.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19d126e528c422aec7280cca54bd14c2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2208

\Windows\SysWOW64\rundll32mgr.exe
Filesize
60KB

MD5
cd963c64ad0bea4ca85a4819f6eefed1

SHA1
d9cd6316cf3c6ce5ceec9694c2debc7b7981775f

SHA256
33c4b715dc8b183dff9aac65cc42c7f2c70658580b8e3d449878251482a5d906

SHA512
f7cd12c57eff3acf7c89b0e7b55dfa81623618a65d6c49b490c199cfe63ae9e858f2681c8ef1425d1e4b25f7b0bbd6d4a9d9788956c23f52fece3d5d79b5907e

Download Submit
memory/1636-2-0x000000006D1C0000-0x000000006D1DA000-memory.dmp

Filesize
104KB

Download