6a575500efc97d026c77e22ab01112bdc746a84d325e25c5a3ab09d627cf2503

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:13

Target

68f66419e99a67fbaa956880c438b705_JaffaCakes118.dll
Size

90KB
MD5

68f66419e99a67fbaa956880c438b705
SHA1

f210f52459af853fc095f60187b0664b992d8033
SHA256

6a575500efc97d026c77e22ab01112bdc746a84d325e25c5a3ab09d627cf2503
SHA512

22f8a84e90c7f5cfa7744495db5d82973ebd5d9db2a6495378368a5697033a927e7a46ad769e8c0951e9bb0edb448ee5e3740c66e1db499d8cf32cff64a1ad67
SSDEEP

1536:kLUhElBCHkdp3ZwtO1dT6qgDQ6PsDM3DQEYeq9YAR21QdPWydJMaX8qO2O3:wcAQi3ZKO1neQysg3ve3PWy4adO2O3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe
PID 1924 wrote to memory of 2060	1924	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68f66419e99a67fbaa956880c438b705_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1924

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68f66419e99a67fbaa956880c438b705_JaffaCakes118.dll,#1
2⤵
PID:2060