38d8ec0e103819a27ef4def9b2818df86c89712103ac7244a4252c168ebcb7af

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 09:07

Target

38810b638a4d0e48c14a153b7e5aa6a2_JaffaCakes118.dll
Size

295KB
MD5

38810b638a4d0e48c14a153b7e5aa6a2
SHA1

a3e478b6329260b9be133563613175a55f3968fe
SHA256

38d8ec0e103819a27ef4def9b2818df86c89712103ac7244a4252c168ebcb7af
SHA512

524d79c9191390618fb5148cd3ab1aaadbfb61500e1bc0179ce8fd3d2863319c71deb639e1a85a24d9c6f09dff38ee4b7e2f8e3f6ffa7b4e15baa566f22d13a9
SSDEEP

6144:jYbycOGFlXLAgoSUAVoEt6CfJZ1XFYanqJsU34iIYV6uhW0/nMF4ES:jYb/F5+e+EtGaDUEu00l

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30
PID 2492 wrote to memory of 2116	2492	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38810b638a4d0e48c14a153b7e5aa6a2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38810b638a4d0e48c14a153b7e5aa6a2_JaffaCakes118.dll,#1
  2⤵
  PID:2116

memory/2116-0-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download
memory/2116-1-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download