b95a0436fe7ad195bb714056c091a79216b6cb35425dfc470b286d24cc4df2c4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 22:46

Target

36b3ee42c0083a13e383ce03ea54152c_JaffaCakes118.dll
Size

17KB
MD5

36b3ee42c0083a13e383ce03ea54152c
SHA1

f71fc589faa2584abde483988f1ab06fc1622629
SHA256

b95a0436fe7ad195bb714056c091a79216b6cb35425dfc470b286d24cc4df2c4
SHA512

159fa94622df16790d5bf55fb92011bfdf31a82c16d39120c1712a7a762ec3fb63e2237f091c05bcdac1d734f9ea72a63782aee5da2451de2453f8a9455cf881
SSDEEP

384:WFps7YUQQ1rNmD4ZWezyWttwHhhkGwPA+33uuSu/+ZArEccvH:WFKaQrcF+ntygjX/+qE/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36b3ee42c0083a13e383ce03ea54152c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36b3ee42c0083a13e383ce03ea54152c_JaffaCakes118.dll,#1
  2⤵
  PID:1696