59c490f1dbb0a21ecbc99f3d128fb8e476b7ba834605dcb39f43df9115a23dac

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-05-2024 10:55

Target

39bd82ba140728e82f42a39e485c35f4_JaffaCakes118.dll
Size

11KB
MD5

39bd82ba140728e82f42a39e485c35f4
SHA1

53929b9e41b7072d077c9ab0fa48c9871bb73231
SHA256

59c490f1dbb0a21ecbc99f3d128fb8e476b7ba834605dcb39f43df9115a23dac
SHA512

3e0070a4e2e296f629f075c7e3979182f57dd512880558307d7fb2906c4c50cc52defe688d8d2fc98917895ea84236ecf623a8f5136bd3a0be4221d4c13cc08a
SSDEEP

192:NbuVWCWiyd5gbMI4jHcknKdNgjX3K2poGQZLT2i21CxzvtM1CxjX9OeA3XHPVR6u:kVWCWiyd5gbMI4jHcknKOX3zOZv2i21J

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28
PID 1252 wrote to memory of 2144	1252	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39bd82ba140728e82f42a39e485c35f4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39bd82ba140728e82f42a39e485c35f4_JaffaCakes118.dll,#1
  2⤵
  PID:2144