173a3057e5da7621575e90ecc09e343308c62910dcf10eda229055029d7384f7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 10:49

Target

15b820c8a5a611386307ad66548a6c26_JaffaCakes118.dll
Size

21KB
MD5

15b820c8a5a611386307ad66548a6c26
SHA1

fb202ca3016d2dabb388566d6ecbcfbdc207c37e
SHA256

173a3057e5da7621575e90ecc09e343308c62910dcf10eda229055029d7384f7
SHA512

2f25cec077323e35c0e31968203ed468f914632a72a25c3871f14834d10b04d666e5f773d29672ce6a8371859cd4e4260bf039d639bbbc359259a8263ac95361
SSDEEP

384:N/jXxxIzwar5hOv9foz6/O1m71WINGndya8vLkmrpfRkR:N/T2wauVfb/lWd2vdG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28
PID 2232 wrote to memory of 316	2232	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b820c8a5a611386307ad66548a6c26_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15b820c8a5a611386307ad66548a6c26_JaffaCakes118.dll,#1
  2⤵
  PID:316