84def4eea45cfb30b8a8ab2bffe772dbd1194c8dd3eca2b48224db3e1ce73d9e

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 02:53

Target

2ebf7b77b8cb4aa70e75907497b09d0a_JaffaCakes118.dll
Size

138KB
MD5

2ebf7b77b8cb4aa70e75907497b09d0a
SHA1

1bff1490c1ff8ea81d37c01dc02d3b914c7e0976
SHA256

84def4eea45cfb30b8a8ab2bffe772dbd1194c8dd3eca2b48224db3e1ce73d9e
SHA512

04dc6c96449167b5b25c6d4362e968d1d0314501449e29017458f6b0b0478bf2455305e9c1aa7cca92a07e7066b09f75c4b7fa1dd2de8353ebd8ebdd581619d7
SSDEEP

1536:mH3C1JYIvKSQ/aVfOn/UKrp83MgnZoqN5CPaWD7XXYIUON8V66QcqiIO/34kiyS:YIiSQ/U8p8c21WD+O46ncqA/ziy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30
PID 1464 wrote to memory of 2240	1464	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ebf7b77b8cb4aa70e75907497b09d0a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ebf7b77b8cb4aa70e75907497b09d0a_JaffaCakes118.dll,#1
  2⤵
  PID:2240

memory/2240-0-0x00000000001F0000-0x000000000021A000-memory.dmp

Filesize
168KB

Download
memory/2240-1-0x00000000001F0000-0x000000000021A000-memory.dmp

Filesize
168KB

Download