048430d6071abaabb7dc29ace20a49f040407c879ee04fe99321e8d511471df5

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-04-2024 01:53

Target

08c1fa98964b3c2191238c7aa3134f86_JaffaCakes118.dll
Size

1.1MB
MD5

08c1fa98964b3c2191238c7aa3134f86
SHA1

9ba8853ebd69b0fc7c7181aadcac6a313ee0a431
SHA256

048430d6071abaabb7dc29ace20a49f040407c879ee04fe99321e8d511471df5
SHA512

dd2c38c2ed76648831e5034b7bb1b0b7f95f0489c6b59cf3aae97b896655743bc3664a0f3ea71cc6e080f648f32fc84f1fc5bd953a4d5c0dc231c98e74b4cbff
SSDEEP

24576:7bba91q6btoq63x1Exf1cfhUSnIaWA62IekSXp5rPfxWxa1Vv:7azbtScVafhU6IvA68kA3+6Vv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe
PID 2584 wrote to memory of 3040	2584	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08c1fa98964b3c2191238c7aa3134f86_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2584

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08c1fa98964b3c2191238c7aa3134f86_JaffaCakes118.dll,#1
2⤵
PID:3040