13a9d10f12c736fca0b1acb747d0e152a57d07d5331ab31dd6c12ebf2156ce9a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 07:17

Target

3c71b304f7426df7eaf7ab277bc25bd3_JaffaCakes118.dll
Size

102KB
MD5

3c71b304f7426df7eaf7ab277bc25bd3
SHA1

a717cd70b41fb0804113ad6c0bccdb8f7e2341e3
SHA256

13a9d10f12c736fca0b1acb747d0e152a57d07d5331ab31dd6c12ebf2156ce9a
SHA512

0122bed6412ccca0ef99ff648ee656102d0bf0fe1198c786609fa8baeedd0c31a6053e17831aec28df7ebce1fc0289b4fe225f38db678454ebac8e9c129840ab
SSDEEP

1536:3pR/jl9kHMlfqY3fwCwzB8wQb4n7XiWL5ZMJRjvcVUmGdm9W4i+6Erc2xY4XVCDG:3pR/j8Mui4vNaJZEVU67FC52k9A

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30
PID 1676 wrote to memory of 2168	1676	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c71b304f7426df7eaf7ab277bc25bd3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c71b304f7426df7eaf7ab277bc25bd3_JaffaCakes118.dll,#1
  2⤵
  PID:2168