326f7b186b6561cedf3c8d9b85d54bd4712d231610ae344c21b1ab54593123ca

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 21:50

Target

2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll
Size

8.0MB
MD5

2dee6c848fe4eaa626c704c042a1bb06
SHA1

c1e523d19575602aef3fe400f878d9dd26d7c968
SHA256

326f7b186b6561cedf3c8d9b85d54bd4712d231610ae344c21b1ab54593123ca
SHA512

9cf5c799a9f1892e74a388750112549034e789504f88e561fb8d251ebb22b0f0e969981c48ed6d6819a44dd9ebefb882079e1a7c6b32d9e1bc7135e7d86ee289
SSDEEP

196608:59RC/4uCpLYMIn36QSvacJkI5WvqHXF06lGGtz1pCE1UdPqCp/:5TQCpLynqQ+Zr1xlHXD1Utqa/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30
PID 2528 wrote to memory of 2156	2528	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dee6c848fe4eaa626c704c042a1bb06_JaffaCakes118.dll,#1
  2⤵
  PID:2156

memory/2156-0-0x0000000002140000-0x00000000035D6000-memory.dmp

Filesize
20.6MB

Download