207f8e9286d25ab5b393277dbc486fa6620cb2d496d048e28fc3cd323160479d

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 21:10

Target

64d18f5a7fcfbf85fa4f38291812427d_JaffaCakes118.dll
Size

129KB
MD5

64d18f5a7fcfbf85fa4f38291812427d
SHA1

76a3ead86711740178cf469555f6ab40667f46d3
SHA256

207f8e9286d25ab5b393277dbc486fa6620cb2d496d048e28fc3cd323160479d
SHA512

66738b14a570f4a0063bdf581b5a93dc67943614082a3715b9de81e1912a23b103dcc022252887bc53509f9a990b0a7f3cfe3106965cac419efebe85f5f84974
SSDEEP

3072:jNE8A7acUFuN8P878E6F3+0Z0Dc4RNj79:Zia9P8IE65v0DTj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28
PID 2100 wrote to memory of 292	2100	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d18f5a7fcfbf85fa4f38291812427d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d18f5a7fcfbf85fa4f38291812427d_JaffaCakes118.dll,#1
  2⤵
  PID:292

memory/292-0-0x0000000000BD0000-0x0000000000D40000-memory.dmp

Filesize
1.4MB

Download