206b9ee2d0d0a2c6fcd2b1e109d575014945f7de93441f3723f94f8cbd2072a9

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 04:55

Target

046b3664c9df8f96c0941e7c66966423_JaffaCakes118.dll
Size

1.1MB
MD5

046b3664c9df8f96c0941e7c66966423
SHA1

70f9181efaa9989a103bc0d71b854f40c0769061
SHA256

206b9ee2d0d0a2c6fcd2b1e109d575014945f7de93441f3723f94f8cbd2072a9
SHA512

95889e4ec57e3c3cb67796f3108462949d7953d065fbffa80fcc447a74bca1210ac056eda197a9f384eee5fb81169f2a66b5bb84215f2cf0b091b7b1c241fe40
SSDEEP

24576:Jkj0Ks/6YXO9RWHQPDYxLck8TavmwwKRhrJqYI9ZeUlTPVGlmC:A00fLSQrYxLP0KRhrJqnDPGJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe
PID 2036 wrote to memory of 1904	2036	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\046b3664c9df8f96c0941e7c66966423_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046b3664c9df8f96c0941e7c66966423_JaffaCakes118.dll,#1
  2⤵
  PID:1904