b88e34ac768e8c38ab60d543cd7364f2862ddc64720223ff5dfa01465a4e934a

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 04:16

Target

3bf443bb8f9710a6602b64b0859cb932_JaffaCakes118.dll
Size

204KB
MD5

3bf443bb8f9710a6602b64b0859cb932
SHA1

2e2464167d24512797c1bb62f0684f936fd9ee5e
SHA256

b88e34ac768e8c38ab60d543cd7364f2862ddc64720223ff5dfa01465a4e934a
SHA512

a606817b0bf1bab9643b5e8c09e4a3e6ad4a3ee5e04b687b4debeb0763fd9ab89fd443466c17653d0f2b9710c6eb1c2535ee058e4176c1ca28e28f081de462f8
SSDEEP

3072:WTcX3qe6oZKyh++ZyVIJ4MSY1xyESEJNXo:3qe7Mu+6oIL1R7X

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31
PID 1172 wrote to memory of 484	1172	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bf443bb8f9710a6602b64b0859cb932_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bf443bb8f9710a6602b64b0859cb932_JaffaCakes118.dll,#1
  2⤵
  PID:484