c4da827e9bb47590879c44ad278bf07698cbe8ffba6506bf7c929e57936edd61

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 23:37

Target

046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll
Size

261KB
MD5

046321d58a630bd0e1ef819231d33852
SHA1

879ad817e0b5d47ca58b4fae0954267fa7b7041c
SHA256

c4da827e9bb47590879c44ad278bf07698cbe8ffba6506bf7c929e57936edd61
SHA512

9a94e6ba26eeeecdef5cd1cf9a9fdf7b22fdb56c26492c7f227986811e7954f939f8af21f3ad95f942335f8cb00b74352efd9adc01234a801f7e8968bbf259af
SSDEEP

6144:oueNwFt9jg01FmylTzY60bIwLiT4wHJekzxHp6B5D:OAc01FmytzYxIwLbwHJeklpK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28
PID 1780 wrote to memory of 1680	1780	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll,#1
  2⤵
  PID:1680