488efaa64fb74e996beb5b1346fc7fda210c7da4b8ba64af8c6632ffec212f5d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 13:25

Target

4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll
Size

124KB
MD5

4602512c4903b6c7987ed381564b58e9
SHA1

0ffebca900aa8862ac1fb3525371d62f9a900a5b
SHA256

488efaa64fb74e996beb5b1346fc7fda210c7da4b8ba64af8c6632ffec212f5d
SHA512

98aa3fa6020923a21a0e8e8b35803cc7764a8b3868e133305cc058b077afd3474be44e136ec252e997fc0b100679fadaf3d6a97dcd5383b5f194ce0f78882755
SSDEEP

3072:ymHbLOuJcW7wYfhI8FkCZOOtr/rrwtoQ4y:N7LBJ/wynFkCR/r0toQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30
PID 2380 wrote to memory of 2504	2380	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4602512c4903b6c7987ed381564b58e9_JaffaCakes118.dll,#1
  2⤵
  PID:2504

memory/2504-0-0x0000000000150000-0x0000000000174000-memory.dmp

Filesize
144KB

Download