0e5c9178c0c705e8cefe13b6a8fe37ee5c8ef76b643c5535220ea0ac381c754a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 10:02

Target

38ab5a187648ca74cf8b0d36df4f1e74_JaffaCakes118.dll
Size

131KB
MD5

38ab5a187648ca74cf8b0d36df4f1e74
SHA1

4c5049c109f3b2f05578cdc3e9082664c831a973
SHA256

0e5c9178c0c705e8cefe13b6a8fe37ee5c8ef76b643c5535220ea0ac381c754a
SHA512

f1425e61ee6a41da8cf3e21c89ec5adc2287caf69e2401494b3e18ce9051ee24419039b80b8e1769dc1c538624155f1f1f8175ade1a55610bca1c9d358a11a0d
SSDEEP

3072:f+XFZx63+eOcvjbXBifdTtuyOyO/QuAvtWpo61IML:f+IPjjLMVTtgp4XtW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ab5a187648ca74cf8b0d36df4f1e74_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ab5a187648ca74cf8b0d36df4f1e74_JaffaCakes118.dll,#1
  2⤵
  PID:1796