387c514eafc925cd0a842b4ce7721726e55feb20086d904cea32da2ba10fc592

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-06-2024 20:08

Target

0a9b2dd9c08bcd01a50a2f6797ecee01_JaffaCakes118.dll
Size

9.0MB
MD5

0a9b2dd9c08bcd01a50a2f6797ecee01
SHA1

d7ab530f81f19bc3013c68bc2034ce047d567218
SHA256

387c514eafc925cd0a842b4ce7721726e55feb20086d904cea32da2ba10fc592
SHA512

0e2587ca62f8e692b09543505673c6fa85aaf5d7a9c22e1557cc0b9fe6335ff5df81294fdf2538425b91d24cca4ba79a8888abb4bbe87cacc069b6e9bf5caaa5
SSDEEP

768:jY17yFThnP+F4sAn4zJ9LF9OzRjL2gSfMHreWrz01fYNceCMjqfI:07yFTVIV0hfwMLezY3CMj9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28
PID 2388 wrote to memory of 2188	2388	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a9b2dd9c08bcd01a50a2f6797ecee01_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a9b2dd9c08bcd01a50a2f6797ecee01_JaffaCakes118.dll,#1
  2⤵
  PID:2188