a8615fa221efed885f5f118c9bb03e97f5279f500f5494c4a6e835cef71e7610

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 02:27

Target

20c4c2d0e4a628e85d4014ac99e92af1_JaffaCakes118.dll
Size

7KB
MD5

20c4c2d0e4a628e85d4014ac99e92af1
SHA1

17946c2cf1ada01c5fd0e094d12c4e1079a9b757
SHA256

a8615fa221efed885f5f118c9bb03e97f5279f500f5494c4a6e835cef71e7610
SHA512

15ac576978d96dabaa8fe3212f95a8b87344e9e4f76e15913fda9ad6c3b4818d7ff22a23f4b5f89428f1177d8c68d81544f0914cf789975f93e3835e87dcb66f
SSDEEP

192:ihDh9eeX72TIiZ1r8ew9eiom/OQ3i/q8ehV1KGah5Cp40NIbkgUw9m:chUE7iIisj9eiom/nyq8etKGagfNIEB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28
PID 2860 wrote to memory of 2968	2860	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20c4c2d0e4a628e85d4014ac99e92af1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20c4c2d0e4a628e85d4014ac99e92af1_JaffaCakes118.dll,#1
  2⤵
  PID:2968

memory/2968-1-0x0000000025031000-0x0000000025032000-memory.dmp

Filesize
4KB

Download
memory/2968-0-0x0000000025000000-0x0000000025039000-memory.dmp

Filesize
228KB

Download