297934fa288303595eeccc93e0b65648493416d5f1d30153fca43b1cd4eb68d9

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 03:26

Target

65f2fc5aa0687bb13ea45b1a1e1d4f17_JaffaCakes118.dll
Size

26KB
MD5

65f2fc5aa0687bb13ea45b1a1e1d4f17
SHA1

bff4d463d466816b1ef86845bd207f80d541c1a3
SHA256

297934fa288303595eeccc93e0b65648493416d5f1d30153fca43b1cd4eb68d9
SHA512

cf68ba197b5c51701640768e484f8910eb0676b3a818281f51d84b62c61a5d6939a87fe325a47629237386efe4b30d552824beecbb0cc430a3a9c64c7d085c59
SSDEEP

384:45m008E9N4NJI9LmFKZxGvAEio77bicN8oN3vZa7xh2RaRLwg7Pd:3008NI9LpZxG8o7KcuoBQ7PfRMg7Pd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30
PID 2712 wrote to memory of 2804	2712	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65f2fc5aa0687bb13ea45b1a1e1d4f17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65f2fc5aa0687bb13ea45b1a1e1d4f17_JaffaCakes118.dll,#1
  2⤵
  PID:2804