3edee20763bf9d8261c8c3db7fa5fa7f59dcc0278e6383af7b758b5e60b38ffb

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 12:04

Target

05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll
Size

17KB
MD5

05d28607b3344c3aa1d779736f0ccbe7
SHA1

4a0351b7d2fa714f44d67a2b342e241cbf8fe5f2
SHA256

3edee20763bf9d8261c8c3db7fa5fa7f59dcc0278e6383af7b758b5e60b38ffb
SHA512

f7bbfaefb821b99f86a3a36e3c22f906352e04c309405abc6e1f916dbe0957f1d6917dc97c500dad4173a231a95431b928abe59835589f1f5ec9deffa57218e5
SSDEEP

192:n369sd9OinMOZ/vvtaUuU8e0W9+ym+yCrDYmBMitDeiHKoYDKtXLerFRoYN37nHk:362rOiVFcUyW/Bv8oU97E

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28
PID 2644 wrote to memory of 2472	2644	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll,#1
  2⤵
  PID:2472