04ab142d4ae3c4df4ae1aab7fa12cd0f9b555c074eaac7383ab6837af54d72e3

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17-06-2024 03:54

Target

b6a0fb1d7ad5dd600ae60cfc0956bd74_JaffaCakes118.dll
Size

840KB
MD5

b6a0fb1d7ad5dd600ae60cfc0956bd74
SHA1

9d7fd2c9c2c16c0c2ef54d537ff0d27854e21c84
SHA256

04ab142d4ae3c4df4ae1aab7fa12cd0f9b555c074eaac7383ab6837af54d72e3
SHA512

68f6d5f7788bf9e11897cc090e0a3984fd300a3a7fc99168394722904af65a52193a655fb32e014906b591ac05ef2721a786e5a0c942ea5017d935cb98762a13
SSDEEP

12288:rH6rmUm4tjxwSmgu6qTfnxB8PqCh7vHjwd4chw669vbAvE6FDzStRsjcl:rHZWtjxlmd6qTnxKblP64cu6mwHDzNY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28
PID 2408 wrote to memory of 2468	2408	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a0fb1d7ad5dd600ae60cfc0956bd74_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6a0fb1d7ad5dd600ae60cfc0956bd74_JaffaCakes118.dll,#1
  2⤵
  PID:2468