a9b6c5ec8921643eae598108f0505b098bbeeb03cbff519279df20cd18b53148

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/06/2024, 15:56

Target

0ea987aec28cb06d1fcc2aa67e15da1e_JaffaCakes118.dll
Size

92KB
MD5

0ea987aec28cb06d1fcc2aa67e15da1e
SHA1

6e0cd216be0f38afa8dc8d8cff74b14890560e63
SHA256

a9b6c5ec8921643eae598108f0505b098bbeeb03cbff519279df20cd18b53148
SHA512

59905f039a016d2bb8df4b2a3e3d7eeeac33826fcf40b0768879bcec650c07426074b92e804d16648469c64cbaaf3fb6757b008a803847e411416da47b0613c5
SSDEEP

1536:lFDUIYkK4cEui1gNNx0eW6QPB/4ZW1ck8zHhTduu+qjIk9WkD2oHxzt0:7hYZ4z1sxtbjIUWnoRzm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28
PID 1912 wrote to memory of 2212	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea987aec28cb06d1fcc2aa67e15da1e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ea987aec28cb06d1fcc2aa67e15da1e_JaffaCakes118.dll,#1
  2⤵
  PID:2212