386240609fde562dd07775f1d07af42c397b43feffb9567bde919f1d945785fe

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 03:08

Target

246cab61479f3f1e2450434c24481ef6_JaffaCakes118.dll
Size

34KB
MD5

246cab61479f3f1e2450434c24481ef6
SHA1

5ee2688c67ed738cd86494d7872fa1360313d3f3
SHA256

386240609fde562dd07775f1d07af42c397b43feffb9567bde919f1d945785fe
SHA512

6d1142ebbaf644f8f35d299ad10a08b35bc954f24f74e948fab4df200ee8c557dba92432447d2c7a7aae65ed0bb5c69f68d2634ff8fe26ed22b54062ae66456e
SSDEEP

768:UqCM7tWeKCJfaEtOexFjAOll7wzxOSO1m2OMjRGt:UqR7OotOe3MOf7wzxoRRM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28
PID 2992 wrote to memory of 3000	2992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\246cab61479f3f1e2450434c24481ef6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\246cab61479f3f1e2450434c24481ef6_JaffaCakes118.dll,#1
  2⤵
  PID:3000