1b7704f28ca03941829b86b4983049338f2cdd3e06e499390783d605a63cb666

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 06:50

Target

6a17e56a3bb540c010714ecb3f82bc0c_JaffaCakes118.dll
Size

207KB
MD5

6a17e56a3bb540c010714ecb3f82bc0c
SHA1

f4c999b339b81c3517f73723366d730aa92c7aea
SHA256

1b7704f28ca03941829b86b4983049338f2cdd3e06e499390783d605a63cb666
SHA512

319e3c161f415f45113508fcd0e58850e17e53b93c7ceb33e9b120b5a68570a71bf32be59a3e4cc9d7192d2fe6e0e66c9c1ff7f7d8a8be15f092971beebbd658
SSDEEP

3072:KlC60GeD6N9Za5Yp6zPC952DmKX0tDV2/jqBkLcP6j5U55J:KNxfaWUzPWEKKX0pURLcyji

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe
PID 2264 wrote to memory of 1708	2264	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a17e56a3bb540c010714ecb3f82bc0c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a17e56a3bb540c010714ecb3f82bc0c_JaffaCakes118.dll,#1
2⤵
PID:1708