89704806d9001766e522eb04e50229beb82d3fbf93c0735420de07d8b59e6953

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 01:46

Target

3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118.dll
Size

65KB
MD5

3fb61cd9fa9bb0a5254857063e97ec34
SHA1

4f62c9c5f9027af3d36932da2185e1dd24642994
SHA256

89704806d9001766e522eb04e50229beb82d3fbf93c0735420de07d8b59e6953
SHA512

04f0cc0d1f6ab34fbf9a77864547f5dcf916ed490c21efd6e483466e58729a9a599fa8e1536aba0ac0e7567929d07980f322b741f8441a22c76deab6b1e6c83f
SSDEEP

768:CMYgT9zkftZ2OKt3ilHrIbc2QV30u1r08kBG2GhCYZJqGBR:dYgT9zitZ2OKpilLmcZyWqGBR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30
PID 1368 wrote to memory of 1672	1368	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fb61cd9fa9bb0a5254857063e97ec34_JaffaCakes118.dll,#1
  2⤵
  PID:1672