631a8ecba98d4b63ba0d51b36aeb131478f2950bbcfacd786c9b9bab25f86341

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 03:09

Target

b17cf56bf17094ab78e4cde56a24c809_JaffaCakes118.dll
Size

839KB
MD5

b17cf56bf17094ab78e4cde56a24c809
SHA1

78c5b643e969aa010b72669375a458cd971c9c6b
SHA256

631a8ecba98d4b63ba0d51b36aeb131478f2950bbcfacd786c9b9bab25f86341
SHA512

69e034dcf4b79d68689734478e18690e5b6abcd8e0ba90b7ca501a82500434a675fa0402f4640005c99ee7321fc95bdc80237e9314e8a9e0936a1398d4645f0e
SSDEEP

24576:rehuDnpo2UFVSlRu5kykTwfK3tPYqM5hv4RbtHv87Ufk+N0:rPo2UFVSlRu5kykTwfK3tPYqC4RbtHy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28
PID 1800 wrote to memory of 552	1800	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b17cf56bf17094ab78e4cde56a24c809_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b17cf56bf17094ab78e4cde56a24c809_JaffaCakes118.dll,#1
  2⤵
  PID:552