6cf3b52c50f4cd9b9f85cc8dfd1ab8c18d6540cc22feb50c0a0d615876bf39d2

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 14:44

Target

22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll
Size

13KB
MD5

22b8cba2388c73b2ba80f469724f593a
SHA1

8ff206612bce5fc4d5bcd4774ee7217a829c7f13
SHA256

6cf3b52c50f4cd9b9f85cc8dfd1ab8c18d6540cc22feb50c0a0d615876bf39d2
SHA512

a90c4e216af2c0067ab4d03dc0a10fb17cb9381e46213bf0c62a04fdf616d617e533b72bc0ad7dd99d48bf4bba112834542f8af4e2ae626adf3cdf560af9a061
SSDEEP

192:lf1hUS1nawe9EPjvpm7pVUTQjg5+uHfq5yxthlhC:lf1ixwl9meh+P8A

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28
PID 2172 wrote to memory of 2356	2172	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b8cba2388c73b2ba80f469724f593a_JaffaCakes118.dll,#1
  2⤵
  PID:2356

memory/2356-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/2356-1-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download