065d45fe809eb111fcdeb7ec6ee7a23141ff58e27d2443286d0465dd84467d5b

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 08:19

Target

16c9d69251bb1084269d787478d17be0_JaffaCakes118.dll
Size

1.1MB
MD5

16c9d69251bb1084269d787478d17be0
SHA1

34ccfe984fb47e0b9ff1574b8632992a5ddc1659
SHA256

065d45fe809eb111fcdeb7ec6ee7a23141ff58e27d2443286d0465dd84467d5b
SHA512

b16f039e2c0caee55e27f7e03a4e9488e35d47e72545b35739a5e954b6a5249fda7ff21a8a423a2eb8d795c9ceb18d466fbd5dcfc76b249dfe603184fb30b363
SSDEEP

24576:C0ucFLJjPM0C1/KDwEo5TCG5ST33w1tJnIHVNlUzNVSXiKu7eTl8JRWyXIK+b0:UCjPM0CMkEm5Sj3w1tJI1DkVEiKu7TRp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe
PID 2336 wrote to memory of 1680	2336	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c9d69251bb1084269d787478d17be0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16c9d69251bb1084269d787478d17be0_JaffaCakes118.dll,#1
2⤵
PID:1680