93eeed7289dd341a0838d5c96a6e447c471d8cd5e397b8b400c6e7a46fb7e03f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 00:18

Target

36fba514c33b9a5b13697ae7c2579d4e_JaffaCakes118.dll
Size

220KB
MD5

36fba514c33b9a5b13697ae7c2579d4e
SHA1

69e25dc5b8780b6a490fac48c42dd7620d723137
SHA256

93eeed7289dd341a0838d5c96a6e447c471d8cd5e397b8b400c6e7a46fb7e03f
SHA512

d15ebf7c03f699159353bf9b9bd3363e895138b1f61c79e065f4186299902f8d3430715c3c983f0ccbd45e78c2fe343ec02b7db5ac6cab2b38b876d7a7ea6c39
SSDEEP

3072:8nRG7Xtr7YNIMNGp6uy+MXlNwf831HWkXqzpA0mDKCkgwr73iMVt/ZELna:wRq9rn+q6uy+KlNwqHGA0mD2HZ0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30
PID 2312 wrote to memory of 2460	2312	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36fba514c33b9a5b13697ae7c2579d4e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36fba514c33b9a5b13697ae7c2579d4e_JaffaCakes118.dll,#1
  2⤵
  PID:2460