b3a2f48d7ce82ec4addadb1b0abfb15d965c559388681be7bdd0b322003f2a15

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 20:58

Target

29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll
Size

89KB
MD5

29546d0ae43486678f7125abe55b1510
SHA1

fa0cd58ea5db11628435e67d8b49e6ca136244e0
SHA256

b3a2f48d7ce82ec4addadb1b0abfb15d965c559388681be7bdd0b322003f2a15
SHA512

e06aea4f55142a53132eacd416a06dbab50f88c5053b5739e643fc28d2736f2069db5c397144cd43dc3adaeac7ba1ff543a74e6a24a7c7f6c0ddcce898445cd9
SSDEEP

1536:8OlQomzjvq2hfSNxTNLzuMd0BDFnToIfaJ7iaK:8ECCPNL5d0BDtTBfw7ia

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30
PID 2416 wrote to memory of 3064	2416	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29546d0ae43486678f7125abe55b1510_JaffaCakes118.dll,#1
  2⤵
  PID:3064