516223f859d50cad568fba80a0e2c5a91d54611ddf801bcbb2be18e1931d3409

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 12:21

Target

5f0bd764c556e108006648f98a90c4dc_JaffaCakes118.dll
Size

179KB
MD5

5f0bd764c556e108006648f98a90c4dc
SHA1

65c84652f7fb2dd4b31452c3f4a186e50cbfd41f
SHA256

516223f859d50cad568fba80a0e2c5a91d54611ddf801bcbb2be18e1931d3409
SHA512

abe7f51defc7ae835e36e35be46bb2688d17aaeae5f147d4cdaae2ee1b0c1a7056360a2576ea16e906a8415827f0529ef9ae40291601c02ac879da3c64a92e3f
SSDEEP

3072:606lteyynSC65zjOuJwx3QSX+QkJpUckZyW7:606htVvydk+Zh7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28
PID 1688 wrote to memory of 2488	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f0bd764c556e108006648f98a90c4dc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f0bd764c556e108006648f98a90c4dc_JaffaCakes118.dll,#1
  2⤵
  PID:2488