03356dfd4ffd91c21fccd70412083befd7259e7aef158f95b4b974b508d8797d

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 08:09

Target

33ea9a0e8ebd3b46842f0a7ee0ec9799_JaffaCakes118.dll
Size

10KB
MD5

33ea9a0e8ebd3b46842f0a7ee0ec9799
SHA1

620b5731e996c825d9787a87f86d73c5b4c7f6fa
SHA256

03356dfd4ffd91c21fccd70412083befd7259e7aef158f95b4b974b508d8797d
SHA512

73fb9d6fa6271fd4ecd27a95bb4f4c36422e1d2b3f109400dd166fe5cd19be3fec1ee9df12b4d0099e168a326e4849ad3fb05fd200f26ea8684925965f7f7e47
SSDEEP

192:I0S1GuudcW1MEhpCJIaWVrQ6Pnhwi9oRnLoQCSi/mk/9:yY19hpCJIPVrQ6PnjmRLHPmv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29
PID 3068 wrote to memory of 2256	3068	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ea9a0e8ebd3b46842f0a7ee0ec9799_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33ea9a0e8ebd3b46842f0a7ee0ec9799_JaffaCakes118.dll,#1
  2⤵
  PID:2256