f237172ef897d51e96ab7076bb5dcca504e032b638620d18ec91a0d30e8ff5fd

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 02:01

Target

15798e1246b2a23691994cef44801958_JaffaCakes118.dll
Size

890KB
MD5

15798e1246b2a23691994cef44801958
SHA1

2aee07b0962ccd2d6d9dfe03672e67b54d0f962b
SHA256

f237172ef897d51e96ab7076bb5dcca504e032b638620d18ec91a0d30e8ff5fd
SHA512

f39ac1576774bf2f7408ab881502e50a586a90bef54be1c375f709e1727533b8750d9ed957e62dfedbf51d781439bb5057ad448e5cd0f838021688024f71cfc2
SSDEEP

12288:xPzGmW7/WOhplEbqwkcwpn6wYAA6+bUzE/PLDHiNl+kwHE8NlLHc10rKYS50T0cl:xPC4saTLtEy0cDNFuRtB8OlM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15798e1246b2a23691994cef44801958_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15798e1246b2a23691994cef44801958_JaffaCakes118.dll,#1
  2⤵
  PID:2144