16a693f62134313257f27774361994128b3b611226db5f0a1811aaaa23c91f29

Analysis

max time kernel
12s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 18:29

Target

3a4589f00367251147904f6b15369a71_JaffaCakes118.dll
Size

199KB
MD5

3a4589f00367251147904f6b15369a71
SHA1

56e6ba42bf6af923d129993445f5edc4d8199676
SHA256

16a693f62134313257f27774361994128b3b611226db5f0a1811aaaa23c91f29
SHA512

78dfc35894e4955f5881a968fef10fb4b4f4c1792230cc2c78da770abc330552756b9318a773d08e5ba5940ca7bdc2cf4f4460a77543f17de14ee1e4378f804b
SSDEEP

3072:o8SsFWPLMXHokWsGdXEj8TCmnsZIKE5H8QGVIghC+VYk9uoaAbi7MoO0r:o8SFYj/YsKKE5H0V3uk91aAbi7K0r

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29
PID 2548 wrote to memory of 2504	2548	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a4589f00367251147904f6b15369a71_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a4589f00367251147904f6b15369a71_JaffaCakes118.dll,#1
  2⤵
  PID:2504