6453cb4bf3566c0695f239c5256a2a8e23b9aab9494e765f6753a27e900f2125

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 09:39

Target

0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll
Size

34KB
MD5

0d949c24757b03d8dc7e25b4e6964e97
SHA1

9dad41c6eb9cac6aed1d8fb23bd659da99e7effe
SHA256

6453cb4bf3566c0695f239c5256a2a8e23b9aab9494e765f6753a27e900f2125
SHA512

092ac58e53d759397685bc833535254ec649bbc799b892a8ef1104c0f72dd38e18a37b997fa20e806d9f3ee1694c7325a330e0aa0824cfaaea75213550620829
SSDEEP

768:GQ7FCmKyb5dlt+NGZmXgoZkC/jCDtGUAqsqqtBNu2H:GQ7FpT9MZXjUtpHDQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28
PID 2980 wrote to memory of 1396	2980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll,#1
  2⤵
  PID:1396