b91b0c989653fc38623e4954a9117f2a49bf7388fb9d2222d60e8e1541d5b646

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 18:25

Target

292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118.dll
Size

20KB
MD5

292b5a6e2104d7bbffc27b9c26ac18c6
SHA1

4b68ead5a9fa4e561039013c4ae6460286601f9f
SHA256

b91b0c989653fc38623e4954a9117f2a49bf7388fb9d2222d60e8e1541d5b646
SHA512

b30a9a0473dce77faae392db9114472cfcf0c54814350fa6c0a06d6bf29dcb064ae28260232dc1e8e0d815772002499f69349e881dd1800dac44856ee47a7a0f
SSDEEP

384:e2yYghZLs3u4LOL3OKma+8B90/MuA512scepOjwP7NiG6SsakkxIB:e21gvwkL3wcBi/MuAWhEjwGDRxI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28
PID 1028 wrote to memory of 1284	1028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118.dll,#1
  2⤵
  PID:1284