c8e613ecd7b4783ea535f669d173a0306ba35b20de0f93e65015995feba43b6b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 10:17

Target

38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll
Size

155KB
MD5

38b68790bb25bb424b805ffed610ee9c
SHA1

bed4b19f11c8b46d3098cf63b5159eac7b3ce428
SHA256

c8e613ecd7b4783ea535f669d173a0306ba35b20de0f93e65015995feba43b6b
SHA512

f86d549f12580641c8888cc05f1355ce6b305299864cc865dbd066b4649299ca9cb396471a2027e1a2bc9e9725adc8fdb2882b02e8536f88c67e9eaba892b838
SSDEEP

3072:QG2nb11GVTOeP5xh+ppanECyJRPjE/AYNHjE+ceo7Tho6nXZ:QTn/GVbP5xcppnPQndjEl9ThTp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30
PID 2164 wrote to memory of 2664	2164	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b68790bb25bb424b805ffed610ee9c_JaffaCakes118.dll,#1
  2⤵
  PID:2664