cc3297fc713478d02b169231dc95b20db69a26bb4786d34eb4336bdd209d51f6

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 13:49

Target

3da0fbbbd67f4d5a2714145389aee40b_JaffaCakes118.dll
Size

33KB
MD5

3da0fbbbd67f4d5a2714145389aee40b
SHA1

7a1e4d8c145ef2a074453d721310997dd56f36f5
SHA256

cc3297fc713478d02b169231dc95b20db69a26bb4786d34eb4336bdd209d51f6
SHA512

50f7735744fe7396f1681de1b3dee439f969f4a9ccc846248a3c62bcf4e6abfa5e551a5a572a6226338dc2afae90d88a024a95ca947ad1f803e566242c9d1c98
SSDEEP

768:iAdVo1OwNMZi9LIj5u0hvVqYgr0ziY9m570vm:iAd8OQMAGnvWY9m10vm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3da0fbbbd67f4d5a2714145389aee40b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3da0fbbbd67f4d5a2714145389aee40b_JaffaCakes118.dll,#1
  2⤵
  PID:2832