626dabd057c4b6e32abad73850f1210250f037db6c005e89997420df28c6c639

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 16:45

Target

a16244381cf1dc7cf9ed7b9a14473b1a_JaffaCakes118.dll
Size

1.6MB
MD5

a16244381cf1dc7cf9ed7b9a14473b1a
SHA1

76f97d428d95d32d8f552dd177261083ee2c3d1a
SHA256

626dabd057c4b6e32abad73850f1210250f037db6c005e89997420df28c6c639
SHA512

ecee2856e2af5942b2efe932879ccf074ac07e724c5d075536cff084a90677e697572c87e8f6f0eb1ac1b9ad0cb712d8ea6e95ee7de0bce60ceffd0460bc062b
SSDEEP

49152:A9JYmaYk1N5Uwlt6eA/GUg9q+w1ST6qipmHTt7z:A9JQD1WG9qe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28
PID 2676 wrote to memory of 2832	2676	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16244381cf1dc7cf9ed7b9a14473b1a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a16244381cf1dc7cf9ed7b9a14473b1a_JaffaCakes118.dll,#1
  2⤵
  PID:2832