96b40d1a765c97458f6d9761d250e0ac4b53bedd1513bf7bc8f4adc81ba01a29

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 17:11

Target

3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll
Size

33KB
MD5

3e2f99c1c9841fc718f5138bfcba5382
SHA1

5cf2ee691da70a24e74549abce6ae65e668746d1
SHA256

96b40d1a765c97458f6d9761d250e0ac4b53bedd1513bf7bc8f4adc81ba01a29
SHA512

9ba4fef0d831ec764185fcd4419c8319d1b3fe9a81fd324a463c03c469856893538ddb66c33b76d15bd04e611b3dd411d527000fb7ccf852a85817e0eb0d55b2
SSDEEP

384:71s97M849VCFQtlzeSxhpbIVLIlt7Cw9tucSxbpUCYCGg6ACB7DzFfYKgehAmZqd:BjR/Csl1FcVLfiIPWCGeqfFpAmA0nsrV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30
PID 2684 wrote to memory of 2088	2684	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2f99c1c9841fc718f5138bfcba5382_JaffaCakes118.dll,#1
  2⤵
  PID:2088