a480ab12c070457970867e3e433f6effe51f6a7056f1e288be73fc45fd88d705

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 18:50

Target

60a47da6438cef738931e527dbdeb56b_JaffaCakes118.dll
Size

72KB
MD5

60a47da6438cef738931e527dbdeb56b
SHA1

a554438016187cec46b6bfcf5e74c3505651a7b6
SHA256

a480ab12c070457970867e3e433f6effe51f6a7056f1e288be73fc45fd88d705
SHA512

2bcf2c15866a218b61b2aa99c04796b86fc77b7e72f9bf8473296905854a02be72ae22751128ddf7da6dfafaff654c32951c0d7dde7b6e80b6bb2c515aedc28e
SSDEEP

1536:RrEzMwFTZ/2AINgpmltWyu17qjuJ3E9OPbHmMPhYL1C2KG7Tfvwio:ezPF9//pmtoIiJ3QOPbHhJY03G7T3wio

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28
PID 2344 wrote to memory of 2360	2344	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a47da6438cef738931e527dbdeb56b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a47da6438cef738931e527dbdeb56b_JaffaCakes118.dll,#1
  2⤵
  PID:2360