8aac7a146911070632a619ab5de4b90fe862423076217b3139558c134b658ad7

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 23:38

Target

299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll
Size

16KB
MD5

299ecbf8a5ef2c0b87eeebccef7e6566
SHA1

a2a8e88e207c601db69850c2aceefed194613383
SHA256

8aac7a146911070632a619ab5de4b90fe862423076217b3139558c134b658ad7
SHA512

b7a22c3970597f3b4ae1009dd575e5d61898211dd554c1a0cddb334690a44e0980452df6bac76abc0beabb3d9a0a609d77b104584080678d9cc7f78aea26b464
SSDEEP

192:DI93J3YmENdhXfa1dLFk8OSKS3twSi2S+J+aWAcKzzhN0nlKvr2fIMmPzbWjFsE1:DITc8dBy3SdwSr5+MholFcKBn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28
PID 2412 wrote to memory of 2428	2412	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\299ecbf8a5ef2c0b87eeebccef7e6566_JaffaCakes118.dll,#1
  2⤵
  PID:2428