20c978371867fcde7bba07c740b6ea635045e28b5f7541859ac26b597761395e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:26

Target

65852f043e9b161643e9179cd2062fc8_JaffaCakes118.dll
Size

515KB
MD5

65852f043e9b161643e9179cd2062fc8
SHA1

48052ce2b91fc7e31d3048deb7240299f08cda19
SHA256

20c978371867fcde7bba07c740b6ea635045e28b5f7541859ac26b597761395e
SHA512

fc6ef696c04257263a124ca62ee2f781d23ab76aed8fe7640fff8305e05b1dce5b984e91a5d72bdf428a057119c2948eb80c9f71aa31035afa54d3d7f3aefe4f
SSDEEP

12288:snnlu2BpLiPwlUfIKKuioD4LP22dwfktnYBm:snnllsQUfIKKuZAP2fo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe
PID 1792 wrote to memory of 1228	1792	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65852f043e9b161643e9179cd2062fc8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65852f043e9b161643e9179cd2062fc8_JaffaCakes118.dll,#1
2⤵
PID:1228