bae860977ca648dd73761b840e2e9fbc3d2511ae87b3277ebd72596b68eec2ef

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 22:30

Target

3f20b9cae93453aa914f56a87e979518_JaffaCakes118.dll
Size

15KB
MD5

3f20b9cae93453aa914f56a87e979518
SHA1

51e041b04faf85ab0da050965068b1ac72c12acc
SHA256

bae860977ca648dd73761b840e2e9fbc3d2511ae87b3277ebd72596b68eec2ef
SHA512

ead1db8901690b1cbc4d38891f64525d95955c70a50204442240d22403c5d4b35ffc87fa8b74ee74b30a82c688575b4801b8e57954de60815dff1b120c7fd936
SSDEEP

192:BDtDQEx37uQUhlq1ElCAc5nxe5TzQ3g53/mOmEH2mOBr/HsIiO6QJ:BB0EtNUPdw5xeppV/mvEH2m8r/HsIiO3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30
PID 3056 wrote to memory of 3068	3056	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f20b9cae93453aa914f56a87e979518_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f20b9cae93453aa914f56a87e979518_JaffaCakes118.dll,#1
  2⤵
  PID:3068