307d7f868216ce768ebf2a0d09f0617d98b50b926b6d103bfda2a3999c52c2ed

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 01:04

Target

3b6bf1d6f361e4b897ddbd6653387b35_JaffaCakes118.dll
Size

35KB
MD5

3b6bf1d6f361e4b897ddbd6653387b35
SHA1

8b67253db46fc7e8e9aa4af47645a8acbcb607c4
SHA256

307d7f868216ce768ebf2a0d09f0617d98b50b926b6d103bfda2a3999c52c2ed
SHA512

2397d5c8ec61daab728e7d4f35907ddd9cfabe63e54a69b62488aa9b215337ee06a508df6253caecf0392e357bd0c34bbf5ccdffca7337eba58a04f68aa1296c
SSDEEP

384:prxw6CL9YMSyIS8st4rVUyzWTNk2/HysQgD77+6HTHICawCJFX9W+RkhfODhi:5HCSyIS1t4j2Z/tD7zH8ChwZ9vRAv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31
PID 3024 wrote to memory of 2224	3024	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6bf1d6f361e4b897ddbd6653387b35_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6bf1d6f361e4b897ddbd6653387b35_JaffaCakes118.dll,#1
  2⤵
  PID:2224