0b6ffd763b8644406e3d837ee77fb857f1f3b7ab69d5089e75e170fb2217282f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 08:05

Target

07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll
Size

204KB
MD5

07590760e2e65c1530ff50c4bc4c3527
SHA1

a56f43185a6ada943692349de7328623196712ca
SHA256

0b6ffd763b8644406e3d837ee77fb857f1f3b7ab69d5089e75e170fb2217282f
SHA512

b6452b1890c00800e705875607fa6fb4880b02d91a6a4c6bafc57f7108df03e2e00946cc4176486775580ad9ec0471c602e3feb0f78f9274efd8d5c9e93bac75
SSDEEP

3072:887fZhz7uW+WJdyDIfezUs7pJsxbmzo46YVIOSfcFRhrmw0qHxcO5VHWAz2x9+9b:r6d57H04+RAzr9z9NX3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28
PID 2164 wrote to memory of 2384	2164	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll,#1
  2⤵
  PID:2384