4b52baeb7d96b8becf718889e71bfde39d1bb6c91d22a07c2abe359b45cf2980

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 19:27

Target

f1bf0b552fecedf0d35a9e94638ea06e_JaffaCakes118.dll
Size

62KB
MD5

f1bf0b552fecedf0d35a9e94638ea06e
SHA1

7354108498f986821eccd2e184f7f79e810f208c
SHA256

4b52baeb7d96b8becf718889e71bfde39d1bb6c91d22a07c2abe359b45cf2980
SHA512

104642e3bd6e630d11777085e7643cf84662c3b45c824c31d88c20a153c65c6698be167e6350158a31973aaa86faa3895be746f5bb2e9099a1b008b02779ad3f
SSDEEP

1536:wXx6VzTLqGFAOhnEh5zryUHHPP1GWnBKXfLxUjB1MU:IgVzTLBFPhEj2UHvAAKXDxO

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28
PID 2960 wrote to memory of 2996	2960	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1bf0b552fecedf0d35a9e94638ea06e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1bf0b552fecedf0d35a9e94638ea06e_JaffaCakes118.dll,#1
  2⤵
  PID:2996