90fd0229be940956b60e1b137b9cf12cf4452e11e71ae25dc960319f179d8a87

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 10:22

Target

19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll
Size

72KB
MD5

19c5b69e6f2bb88f8efd5499ba908b68
SHA1

e65de20e1371219b82a87999a5ef92a8e715a9f9
SHA256

90fd0229be940956b60e1b137b9cf12cf4452e11e71ae25dc960319f179d8a87
SHA512

36a2a61fc7e32cd674cb21ba3015a762eedab6f988d8a761d0b3ee1182c81c7ce7e31ebc735cb2146d1f7ebb1a81a23eab31d5fb692ac5008ea55ef243abb427
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28
PID 2468 wrote to memory of 2244	2468	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19c5b69e6f2bb88f8efd5499ba908b68_JaffaCakes118.dll,#1
  2⤵
  PID:2244