acb512b77dc69436c8899483a22b654e382966387971212bc4c3ce82392103a2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 04:21

Target

5f012cf39b391062836f874d2156bf52_JaffaCakes118.dll
Size

86KB
MD5

5f012cf39b391062836f874d2156bf52
SHA1

d3f86f2c5b0af9531f3dd662ebeaa2277e3a178d
SHA256

acb512b77dc69436c8899483a22b654e382966387971212bc4c3ce82392103a2
SHA512

c1ec28104b8d6af43426e4e3f0af17fcb3b784525199474ed7fabaee6ab8d5dd636f5ced9c6cf04deb5784c1d92c3e5ecc6e4bac568aeb859cd1df0974fb2fe3
SSDEEP

1536:bq+dX5z9lhsRbarmsapZyWK+0IStWJ+xruajIDUsL+JjiHq0VaO1FsPRFDmu+T7:bbdRhsRwmsmB4tCailUsLHq0VaODQw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30
PID 2252 wrote to memory of 2276	2252	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f012cf39b391062836f874d2156bf52_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f012cf39b391062836f874d2156bf52_JaffaCakes118.dll,#1
  2⤵
  PID:2276

memory/2276-1-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/2276-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download