c2615ffb10732e62215d208ad6e18fe5dcaf5fee58ca81f4355c5c5185bcc718

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 02:45

Target

2ab66f4d1fba0ce11ec2874f3df0be8d_JaffaCakes118.dll
Size

98KB
MD5

2ab66f4d1fba0ce11ec2874f3df0be8d
SHA1

29d8a1cceb1b099caa8183c020a47226a1eb29db
SHA256

c2615ffb10732e62215d208ad6e18fe5dcaf5fee58ca81f4355c5c5185bcc718
SHA512

caff23329cbb0ebe43b60fdf5c69418b760f1fe63d6d313e6198fe93816b30ad84bbfaba4d8e7f575755f60124a9ee3538d3ddf6303595cc6c4550c98966d867
SSDEEP

1536:aNpCsIvhuwnc9HSraZJCen14F7xNVGWs9DI6ND2ebC2fV5gEXjK7XsclpoF4Hro:/fvEWcVxjmFdNVDsxBhBCETKsclpowo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30
PID 2056 wrote to memory of 2980	2056	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ab66f4d1fba0ce11ec2874f3df0be8d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ab66f4d1fba0ce11ec2874f3df0be8d_JaffaCakes118.dll,#1
  2⤵
  PID:2980

memory/2980-2-0x00000000004E0000-0x00000000005E9000-memory.dmp

Filesize
1.0MB

Download
memory/2980-1-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/2980-0-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download
memory/2980-3-0x00000000004E0000-0x00000000005E9000-memory.dmp

Filesize
1.0MB

Download