1a334cca216fe17cb712183b12699b6ff3ad8199da3600c68aec0f2fcd96be61

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 05:34

Target

f06dc527989fa11b879aff62626984d4_JaffaCakes118.dll
Size

78KB
MD5

f06dc527989fa11b879aff62626984d4
SHA1

031ccfe91fe244867fe485df3e5e11f3d4b79f49
SHA256

1a334cca216fe17cb712183b12699b6ff3ad8199da3600c68aec0f2fcd96be61
SHA512

5a4e95a070eabe8a8e439cf8212db7d3ae99fc6d9692fc1036ef65f83f46c094f0b77ca90011c3263dee1170c356254cb37456cd545d20e92b1941d64997dc1c
SSDEEP

1536:KsWGHeLBAjdqPd0xnhBbgA6UBeiFT0fR7KhZdFpjXenyroa4hR:FWHokOVheHfwZdFpeyr2n

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28
PID 2296 wrote to memory of 2460	2296	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f06dc527989fa11b879aff62626984d4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f06dc527989fa11b879aff62626984d4_JaffaCakes118.dll,#1
  2⤵
  PID:2460