3a3e992b7808c922f6dfc747c840193bef88f69626b93e37648cc6c471bdb967

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:35

Target

694ef9807661cde1bd54dd330be1c4cc_JaffaCakes118.dll
Size

610KB
MD5

694ef9807661cde1bd54dd330be1c4cc
SHA1

a85203fdbfa2c9f2a43f625802d2dc5c48b3798f
SHA256

3a3e992b7808c922f6dfc747c840193bef88f69626b93e37648cc6c471bdb967
SHA512

a162da33d3a880bccda9388861628f91ca8153bde74c8767ad401ed77e81aeb50ae063861e3fe4f08ec1a48816509920638a67ddca543b06ce05a9e57dbb26aa
SSDEEP

12288:bFdLNgLyzCGKEaoUq7WW9BbY6HpnFEIlG23vJaDh:bFwRhE/n7ZL7HpJlG23vJaDh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe
PID 2460 wrote to memory of 2720	2460	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\694ef9807661cde1bd54dd330be1c4cc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\694ef9807661cde1bd54dd330be1c4cc_JaffaCakes118.dll,#1
2⤵
PID:2720