c3ce897ba19ba4e51899a636c44a54b8045df25410dc7b22a8a1167b9202db7b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 00:58

Target

063a1f172d1dd1ad63bd39b1b67b9de0_JaffaCakes118.dll
Size

78KB
MD5

063a1f172d1dd1ad63bd39b1b67b9de0
SHA1

62c9dd4c1bf880f05b1ff6705a74408b2e6137e8
SHA256

c3ce897ba19ba4e51899a636c44a54b8045df25410dc7b22a8a1167b9202db7b
SHA512

2d05005d276ff67ce422b297638b61258cd3587e02796b6d3cb4df9651eb4c096f0ba4525bae79525ac27c42be7179a36b3c6db71713515a549d3bfe147705d4
SSDEEP

1536:epDF/FbUc7SvexVqCGoKlC2igBQItEABnqF05ZquJLnQdpL:a3bTSvedGoKlCDgBwGqG5Z/UpL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28
PID 1800 wrote to memory of 2836	1800	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\063a1f172d1dd1ad63bd39b1b67b9de0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\063a1f172d1dd1ad63bd39b1b67b9de0_JaffaCakes118.dll,#1
  2⤵
  PID:2836