402a2b20f6dc0088089af6d609be1d72f95010d1ef7f2153c38b43292f6b4fc1

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 18:06

Target

3a3459d96e8ba0b66610b2b464f47428_JaffaCakes118.dll
Size

128KB
MD5

3a3459d96e8ba0b66610b2b464f47428
SHA1

b6d86adb606d9525e3b4a673131d0de2034dafde
SHA256

402a2b20f6dc0088089af6d609be1d72f95010d1ef7f2153c38b43292f6b4fc1
SHA512

932fb894187c3b9777795f3546a145652948f3ae29324c79d298ac01f63110f4392be7f3520c991d1b44d1af6a0ead14fe3765ff6e26584b80f7acb04fc03bdf
SSDEEP

3072:DhUQo/xkKahwTtO2SIQ9XUnKfjz0xfjIX1P:yQEkKa+TIjrfH7X1P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30
PID 2524 wrote to memory of 2136	2524	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a3459d96e8ba0b66610b2b464f47428_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a3459d96e8ba0b66610b2b464f47428_JaffaCakes118.dll,#1
  2⤵
  PID:2136