30f5dafb71cb0e861a2ee2a1ef35cc9dc19d5ae2f7378248fb418b8423da086b

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 21:40

Target

00a63aa9ac6e0d74e1982b46ed97d99b_JaffaCakes118.dll
Size

135KB
MD5

00a63aa9ac6e0d74e1982b46ed97d99b
SHA1

1e5672a1062b1a74b2f2d5c40e2dbf13cc66a466
SHA256

30f5dafb71cb0e861a2ee2a1ef35cc9dc19d5ae2f7378248fb418b8423da086b
SHA512

a1d4eda963a7db2ff03da9ff9d95a35fde83c46e56dafee2f0b600e66b4eda1696c5fde53106b0e337d116d4a61f79fed331685e8cdf95fd267887809be432a1
SSDEEP

1536:nuSM379pilzy4aCUBGbrufhif3ba/Qtps4zWeYXuOtMl5:nu79WdaC2urufq33UeYuOU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28
PID 3048 wrote to memory of 2096	3048	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00a63aa9ac6e0d74e1982b46ed97d99b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00a63aa9ac6e0d74e1982b46ed97d99b_JaffaCakes118.dll,#1
  2⤵
  PID:2096