b65ce922a671bfb053d34b33c6fc180a1082643452b6afe769f64d8c109cb893

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 06:49

Target

25008f86f1513a8a3a2a1cc73b4a49d7_JaffaCakes118.dll
Size

33KB
MD5

25008f86f1513a8a3a2a1cc73b4a49d7
SHA1

dcab703ad84cc7ee1fad33677d7bd6e161b87b93
SHA256

b65ce922a671bfb053d34b33c6fc180a1082643452b6afe769f64d8c109cb893
SHA512

eaeb27741132c4a1a3ec565416e63851e1fffb3de654885bdc1c15a41c47f5362a28024883c04beeddae73af90ba33727d3fbe08fd77210f6abba95e1e2be44c
SSDEEP

768:WiZpE5NR3lbG31Rv4zQunlFBgDRKiP2rD2oS+t:WiZpAR3lMRvk88zs+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28
PID 2248 wrote to memory of 2268	2248	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25008f86f1513a8a3a2a1cc73b4a49d7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25008f86f1513a8a3a2a1cc73b4a49d7_JaffaCakes118.dll,#1
  2⤵
  PID:2268