aa14d71d161d69eac36bada2d015beecd5e2c69f8c87e7fffa05b1fba26a2496

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 03:47

Target

65e6025462d5b47e07d5fd724a549c92_JaffaCakes118.dll
Size

96KB
MD5

65e6025462d5b47e07d5fd724a549c92
SHA1

ac4fe1241cce7954645df72c2785d31f6b886869
SHA256

aa14d71d161d69eac36bada2d015beecd5e2c69f8c87e7fffa05b1fba26a2496
SHA512

49d24737e27c1b5e960d3cd27b6cf6f01fd73168f4d9d495ff9e1ba605bc2e3f6a47f87e465972aac42f293b11e2f1c38fac57dbab52d5d12e6bee335a273f3d
SSDEEP

1536:XSjGtP+TI8kV41IzPNtMCuTVmJP5EOoO6Y84p0cOn4wGQ1eoian4z4zwXrAC:CadV9tL3d84ppQ1eoian4z4zwXz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe
PID 2512 wrote to memory of 1956	2512	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e6025462d5b47e07d5fd724a549c92_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65e6025462d5b47e07d5fd724a549c92_JaffaCakes118.dll,#1
2⤵
PID:1956