49b7378f0698752ae2712eef82260c1e761948667c15e1a2f5349ca2115e8603

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 03:11

Target

a3a2a21df0b7683d9828afad5489198e_JaffaCakes118.dll
Size

8KB
MD5

a3a2a21df0b7683d9828afad5489198e
SHA1

5c23c16f38a1db5718fd582441f5481159acd2d5
SHA256

49b7378f0698752ae2712eef82260c1e761948667c15e1a2f5349ca2115e8603
SHA512

d46b9637b32cf5e7564bdf761d89ceb0c30604a152e716158ae5bdf9de9773d4b604e5f21baea4e0c1f6a3ac4b0d09da2a42c1d18c66dce76a7a3e7facac36b7
SSDEEP

192:YBmutKqNrW2y877rdUQ4EDoPvgU/Hiq5VNZ7I94b:YgutjNJy8sED4IIiwnZ7I94b

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28
PID 1252 wrote to memory of 2416	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a2a21df0b7683d9828afad5489198e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a2a21df0b7683d9828afad5489198e_JaffaCakes118.dll,#1
  2⤵
  PID:2416