79e35b8e37462c36093c2db5cb5da4b3380e11e5b8c8fd9f9a433889775e8a65

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 11:52

Target

633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll
Size

207KB
MD5

633125c60eb9c565bb86f56c20ca5539
SHA1

7f097329af081b42f82a4767ec9ef7febc70f3e8
SHA256

79e35b8e37462c36093c2db5cb5da4b3380e11e5b8c8fd9f9a433889775e8a65
SHA512

88b9dc21317ad2f3b274b69f9273f25e98d7cbc24ea17faad532aed784227941f7708bce886223efc6c6600ecfac69a6ad004df19a1ff637627a60523fd3a52c
SSDEEP

3072:KlC60GeD6N9Za5Yp6zPC952DmKX0tDV2/jqBkLcP6j5UY5L:KNxfaWUzPWEKKX0pURLcyjt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2924	2868	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633125c60eb9c565bb86f56c20ca5539_JaffaCakes118.dll,#1
2⤵
PID:2924