149c86ffb81415ff5c7004b2acb2623fc979f2e91c4e8b26ded0c2e2023cbe61

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 15:03

Target

35393114f6654cf75bfa3b284ae6dac9_JaffaCakes118.dll
Size

33KB
MD5

35393114f6654cf75bfa3b284ae6dac9
SHA1

f5eef02721e08693536f93854ff08547dcbe2c8b
SHA256

149c86ffb81415ff5c7004b2acb2623fc979f2e91c4e8b26ded0c2e2023cbe61
SHA512

a9648cc3a68a2d729a650d7a7a5504cf7e66b864a315d441c32f7624cddbae10ec4bee3939de2aea213a420f5d4595939f956676034c65798174f105d66c3cb0
SSDEEP

768:wJTzSwGuNNz5bZuV4MUtN1H3XQN70EDR8JnhYDuRoUsJ1p:wFHdMUNXXo70gR8p+KRoJJz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29
PID 2468 wrote to memory of 2152	2468	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35393114f6654cf75bfa3b284ae6dac9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35393114f6654cf75bfa3b284ae6dac9_JaffaCakes118.dll,#1
  2⤵
  PID:2152