32c3aa0e93026882d37b818bef7639b52fe13b3cf791c3b6cdca25bda9095dab

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 03:13

Target

02554707f3c094964e6b590fee83e1b5_JaffaCakes118.dll
Size

23KB
MD5

02554707f3c094964e6b590fee83e1b5
SHA1

eaa95ccd202f49de627e8fc6d912b3dc6cb50689
SHA256

32c3aa0e93026882d37b818bef7639b52fe13b3cf791c3b6cdca25bda9095dab
SHA512

d8760810c0a55c4dfc3f0edb92265825257f13fd8f43d5a8c3c5497bdeee8435c3c737169cff725e96d3e008273548d0cf64e83b959e7a23c15ce992d8afd3f1
SSDEEP

96:mT1bWEGSocimNPTwzX74ARim1RJwHcA659:Wp/NimmoUxwHcA659

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28
PID 2808 wrote to memory of 1832	2808	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02554707f3c094964e6b590fee83e1b5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02554707f3c094964e6b590fee83e1b5_JaffaCakes118.dll,#1
  2⤵
  PID:1832