fe9369606665edde73e2bb27fb2120f0fcc7de5406da3cfcc4b195df54bf4620

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 00:20

Target

152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll
Size

2.4MB
MD5

152294cc4a2b5c86ad99fd1f9263ecb2
SHA1

a5a39532c7d155bf3e74429c1a5016c7576c34f5
SHA256

fe9369606665edde73e2bb27fb2120f0fcc7de5406da3cfcc4b195df54bf4620
SHA512

591bc2b4acdc10f9561ae1e78a20df40a808985d950ae6c30f604757ad70974dadaa6d1e3e24a2ba02dfe41d1f878de783c5974d2de8e67faad817fe306dc7dd
SSDEEP

49152:vig6MHCT4Cgzcubg5kYLSzPHpES1fV2c61xqh0NBdenH1:P6Mv70kYLYHpESOT1xqCdeV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe
PID 2384 wrote to memory of 1660	2384	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2384

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\152294cc4a2b5c86ad99fd1f9263ecb2_JaffaCakes118.dll,#1
2⤵
PID:1660