908868023662568d9e22d52b720c7189f0f8cd03d36891f52cefaa5b227bccd6

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 17:36

Target

3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118.dll
Size

304KB
MD5

3a1b6b727c0662708ae8f2b74be8ba7d
SHA1

a692139d86b6914ff531569bc0f8a7dbbe4a0eb3
SHA256

908868023662568d9e22d52b720c7189f0f8cd03d36891f52cefaa5b227bccd6
SHA512

328e813500546d6d1daefffca1185876c170517734abce76d238c4a1309f89f3025fccc1e53ef8b2bceb62a3726b5988ced56e3d67992e7f3187f1fa155b1157
SSDEEP

6144:Qll+9CUuf9IFmJTjYZ+cYr64k62nBlmoU87way4O3Okb:Qll+9CUu+FmJTXcYr6A2nf1w93Lb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30
PID 1976 wrote to memory of 2948	1976	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a1b6b727c0662708ae8f2b74be8ba7d_JaffaCakes118.dll,#1
  2⤵
  PID:2948