13daf818e86c016c8cfe8e4cdf71d5621384f25e51be7a501b698779067bfda5

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 06:28

Target

74986b4a8ec0891e2ff136bd9dd399da_JaffaCakes118.dll
Size

67KB
MD5

74986b4a8ec0891e2ff136bd9dd399da
SHA1

e69e814a4764a386e7f9c8490452773cfa11be57
SHA256

13daf818e86c016c8cfe8e4cdf71d5621384f25e51be7a501b698779067bfda5
SHA512

8e8a36f1e242b039e056b459124bedffb71ce0eee305f6de85ab3850d58f4a80a9d79afea42ef7797faf60ab5c37d9d591a2735aa6cd806135c235242450e8e5
SSDEEP

1536:Mrj2DTisS3kVb9H7+/72kNRMzv+pVecfZgtLvcMM:a2DTv1VR472uMzGfuvc7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28
PID 2460 wrote to memory of 2988	2460	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74986b4a8ec0891e2ff136bd9dd399da_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74986b4a8ec0891e2ff136bd9dd399da_JaffaCakes118.dll,#1
  2⤵
  PID:2988