204491aa2171316f2c0ff2d2067b4208330847bd9682ea93c43172ace7d7f6ee

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 11:43

Target

09b57f0a8a203392ba55ad41cc3d8033_JaffaCakes118.dll
Size

1.0MB
MD5

09b57f0a8a203392ba55ad41cc3d8033
SHA1

921c22b8cea570fd9a754d2e99757ba43d18db6d
SHA256

204491aa2171316f2c0ff2d2067b4208330847bd9682ea93c43172ace7d7f6ee
SHA512

8b34776dc915abbfa9a30dc965547d9b7b2f7c5199fabf69118339a78f54a1a6ca14437f6ec0afcabedda50281d2e4077fcdbf91dd06776b67ffdfb2bc28959a
SSDEEP

24576:PbyexUYrSmh6RQ5/7ju+pS0+M3tb0pvaep5Ztv:+8UkSrIu/0J3tCieDn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28
PID 2756 wrote to memory of 2820	2756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b57f0a8a203392ba55ad41cc3d8033_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b57f0a8a203392ba55ad41cc3d8033_JaffaCakes118.dll,#1
  2⤵
  PID:2820