db21c33fafe2ceacaefaec22b3443e737f406edaf141565f03e286a6a972ab1f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 00:41

Target

0b9412ff46ad690606eabee00e89a8e6_JaffaCakes118.dll
Size

40KB
MD5

0b9412ff46ad690606eabee00e89a8e6
SHA1

36576033df7cdb4713603765a7d91de789400063
SHA256

db21c33fafe2ceacaefaec22b3443e737f406edaf141565f03e286a6a972ab1f
SHA512

0034598976c31a0f37845645ac37174d2dbb1f3c60a20505a4da3d9da56489c4dc05ff351aa38263a54293c40d53643d90548b7e57a95d91e753dd0a9a6f8add
SSDEEP

768:Rfank9Fg/Xqf+KrKnvBFY15d7jVfkNM9EGkGpVKBhHQ:RRg//OKvBE5EqJkGj

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2172	rundll32.exe
2172	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28
PID 2424 wrote to memory of 2172	2424	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b9412ff46ad690606eabee00e89a8e6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b9412ff46ad690606eabee00e89a8e6_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172