b023f80f6cd94941f2d0c85390d4dd357801681d7e8bddefa52bb4d920199323

Analysis

max time kernel
17s
max time network
19s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 19:40

Target

361d0696fb227eb041f0191ef2b52516_JaffaCakes118.dll
Size

19KB
MD5

361d0696fb227eb041f0191ef2b52516
SHA1

3599679badf2f6a9339679a547084a9c5e1d950f
SHA256

b023f80f6cd94941f2d0c85390d4dd357801681d7e8bddefa52bb4d920199323
SHA512

a2f38daf79e330652a468a6a14cafc49926cd121e96d6b4bb3aa79d751abbc33c48a8bc4b0d7e9ee3d76b484f65dfd47681ec8d5b8d10e31fdde443ffcc05f85
SSDEEP

384:R6ZKucTvqMuhSJtojrFnnCp7/bBWYDOoOgjqqMI:R68ucmMuhSJSjrFCllFDOeWqMI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29
PID 1896 wrote to memory of 1312	1896	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\361d0696fb227eb041f0191ef2b52516_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\361d0696fb227eb041f0191ef2b52516_JaffaCakes118.dll,#1
  2⤵
  PID:1312