9579f183cee828f21d7fcb048d68815a248df081f602143be05db6e68f4ba27f

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 07:51

Target

1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll
Size

6KB
MD5

1a7fea1b250d9ff99b0281dd5316568c
SHA1

b7750359e505f0a405babf9a83c8978d559b319a
SHA256

9579f183cee828f21d7fcb048d68815a248df081f602143be05db6e68f4ba27f
SHA512

af2df900090b04954a2987838db98f0c773e6381646fa13e16b4ea49c51398322402c216215425a45dd51f2d6f670fdec593209c26b4cee74fa2b5bf30cbc707
SSDEEP

96:63CjcnHqT5noRDei0x16WES01x9jF7COMjr78ERGvBsmi:66cnu5njBxEWo9p7U/78tBsmi

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe
PID 3012 wrote to memory of 3024	3012	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a7fea1b250d9ff99b0281dd5316568c_JaffaCakes118.dll,#1
2⤵
PID:3024