13bf9e19ec3b4fb09bce08c5f1ba4cad26def358cdeaa758a78e5561a39c71f8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 23:55

Target

088a2c66a453a93102bc35a459c4235b_JaffaCakes118.dll
Size

819KB
MD5

088a2c66a453a93102bc35a459c4235b
SHA1

6db918de4b8f3e7ca096a383ef7c88dab2e1b1c8
SHA256

13bf9e19ec3b4fb09bce08c5f1ba4cad26def358cdeaa758a78e5561a39c71f8
SHA512

08b881b21abf79c1a5ee7eb83ab8b42aa2a16cba0c331e2dda2aec0fca1197ce5fac4ee1a9a3e78ec1af90a97e6d5527ae1487d4617f701a1963568638b8119d
SSDEEP

12288:ppBYQ/MqeVtf13FRu8yNDZILcDd2MvoTXupyh5QW1b8Szojv:pDYQ/Mv91jHGIo2MvI+Evh1b8SEjv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28
PID 1964 wrote to memory of 2100	1964	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\088a2c66a453a93102bc35a459c4235b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\088a2c66a453a93102bc35a459c4235b_JaffaCakes118.dll,#1
  2⤵
  PID:2100