1bfc6cc258bb41569c84c1eeda3b470dc1eb977a6ea3c6e8ce1ce2d9933e00ec

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 18:52

Target

25df91e4d8440df4a39cc77348c9d3dd_JaffaCakes118.dll
Size

22KB
MD5

25df91e4d8440df4a39cc77348c9d3dd
SHA1

915e6687bd2cb1efa5e575d901706c3538ddde20
SHA256

1bfc6cc258bb41569c84c1eeda3b470dc1eb977a6ea3c6e8ce1ce2d9933e00ec
SHA512

574dd8c9d2096198925f598dd3bb9fa58db7241f392df38abd8619b84556f07f1393ad3b613806ca98343e148064b7434742aa56ba1380197b3fca2d05f55566
SSDEEP

384:Ri/Nhl0/mdi8zIU/h9ar6Q3WRncCTQnuzLe2v627o/InfrgreSnaC/hrdvsnOgxy:RGND08zZagTYJqg57

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28
PID 2348 wrote to memory of 1664	2348	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25df91e4d8440df4a39cc77348c9d3dd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25df91e4d8440df4a39cc77348c9d3dd_JaffaCakes118.dll,#1
  2⤵
  PID:1664