150ea597e07790098ae4191bc75085d1a2fef9321659020472cc4daead89b0b6

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 14:09

Target

aecb4aa3c44fadd9d7bf3e35c6e05288_JaffaCakes118.dll
Size

840KB
MD5

aecb4aa3c44fadd9d7bf3e35c6e05288
SHA1

6fede62e48b2a89710c0d2f12b9aa83e16e9d83f
SHA256

150ea597e07790098ae4191bc75085d1a2fef9321659020472cc4daead89b0b6
SHA512

96c24d1e2e1f1748f74b5691a2bedb39db9b8edec4b9193b4ca669b69f41769309fb870a838651e32506a94991a86042a51cf28412097e6ec709667500d24e22
SSDEEP

12288:Ra2rlp6vp+3Ov7BIhEisov4Xz1vayHAYBnjrvhyxuAbXkS+oWFTC7OHQItRsoy:RaaSp+3OD3istXz1v17LAwfogTIjA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28
PID 2196 wrote to memory of 2792	2196	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aecb4aa3c44fadd9d7bf3e35c6e05288_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aecb4aa3c44fadd9d7bf3e35c6e05288_JaffaCakes118.dll,#1
  2⤵
  PID:2792