585f2a571e34e03a8e3eb37e975a490abd1a3a13815fd39163e467f77063bb1b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 20:22

Target

2dadf5690fe789ccddacf828801fd46b_JaffaCakes118.dll
Size

260KB
MD5

2dadf5690fe789ccddacf828801fd46b
SHA1

4f8ccbd4bc99739355067fef94d97eb5bfe6e3f2
SHA256

585f2a571e34e03a8e3eb37e975a490abd1a3a13815fd39163e467f77063bb1b
SHA512

b9921d07f605f466ddb4cd589c8ceee4bfd549c8311af7c312972fbfda8fe929adf3c99198dad1a3c559d02dfc88a8a1556684928dbcff9ea6a918dce11f22cc
SSDEEP

6144:0MYWUoFIa0GkHuMJrSIDMKvsvn0J6wQ/BpCd1+NTPKY7to:oWxaXvHSIIlv0JlkKd1+1PKYho

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30
PID 2652 wrote to memory of 2516	2652	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dadf5690fe789ccddacf828801fd46b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dadf5690fe789ccddacf828801fd46b_JaffaCakes118.dll,#1
  2⤵
  PID:2516

memory/2516-0-0x0000000010002000-0x0000000010004000-memory.dmp

Filesize
8KB

Download