a8ae44ece93f7ea245e7c48e962f5ee81c085957bcd60c9cb50903f59e48c0e6

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 11:27

Target

348748cfcf1a69a2385282cb1fdc4b06_JaffaCakes118.dll
Size

139KB
MD5

348748cfcf1a69a2385282cb1fdc4b06
SHA1

b5a17f11537173ef5292e91499ba1755d7fc4380
SHA256

a8ae44ece93f7ea245e7c48e962f5ee81c085957bcd60c9cb50903f59e48c0e6
SHA512

2bc6021659db7a3fd5a5af1912075754b98249966eef0d91689a5826c8f0d0c01babfe750d2dc9b516a154f63373d4a3637acc665edcdd20f2d05804db6d240d
SSDEEP

3072:O4PSK3WZCn3Uag+LVO/h9LR9nAUtQf6P/NllMc:O4VRkag+cDLrxthtcc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29
PID 448 wrote to memory of 1148	448	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\348748cfcf1a69a2385282cb1fdc4b06_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\348748cfcf1a69a2385282cb1fdc4b06_JaffaCakes118.dll,#1
  2⤵
  PID:1148