168bfb0b6f2f222004aab65174047390ed03256b7c500eac47da7c0354af2dce

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 15:18

Target

3546fc08f34341f15e2a1d3f4d8fd02c_JaffaCakes118.dll
Size

38KB
MD5

3546fc08f34341f15e2a1d3f4d8fd02c
SHA1

3d7e9ec1b1c383e38b5fb0ebe1d8ddb720e86553
SHA256

168bfb0b6f2f222004aab65174047390ed03256b7c500eac47da7c0354af2dce
SHA512

4c2671de0fd781375479b71f97971f5099f0e7106e6977e2dab635a3949049d885bab2244960632041d10c87c9ef82b732e8656a97ff6c2139da9bc6d19b12b4
SSDEEP

384:OfpF+Qwa7Df74PWe26NoFChQe+jTU8y1cp9nfWAbnQbzbu//VTN+iFpC:OfpF+QJ71dUQA8y1cTnybu//VTN+iF8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30
PID 1820 wrote to memory of 2116	1820	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3546fc08f34341f15e2a1d3f4d8fd02c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3546fc08f34341f15e2a1d3f4d8fd02c_JaffaCakes118.dll,#1
  2⤵
  PID:2116