d7b4b1fae5a1e4951d10b8e742a614e8254a03f559b9cf5f1164ddf2427c9e62

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 14:58

Target

f83ed0aaea0fafdf4a5575ae545a6542_JaffaCakes118.dll
Size

125KB
MD5

f83ed0aaea0fafdf4a5575ae545a6542
SHA1

a59dcdb76bf6897878d5badabe2e4b26801c0469
SHA256

d7b4b1fae5a1e4951d10b8e742a614e8254a03f559b9cf5f1164ddf2427c9e62
SHA512

ab19749a201c40922da8f5daba8fa32bcc19d2a839e5ef8a2fe7daf95d55a9776dbc2cc0fe8c05c19c97e717a52130196315907677defed9aa0a85932bc97a31
SSDEEP

1536:MxqYfljUTF4Re0zgt5kyzPgIBeSA9KzsInC3g9M7Jh5R9xxjxlTuVI:MxqYflCB0Y5BnzsICQ9i5R97p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83ed0aaea0fafdf4a5575ae545a6542_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f83ed0aaea0fafdf4a5575ae545a6542_JaffaCakes118.dll,#1
  2⤵
  PID:1932