4e4a673ea8e868fbe82b0f5f47694b025e93e58be36144cbdd38bcd0a0dadb3a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
24/06/2024, 08:05

Target

0759a9848394a0323b66ef3f8b622625_JaffaCakes118.dll
Size

173KB
MD5

0759a9848394a0323b66ef3f8b622625
SHA1

5c6d04c4d78dcea13539a7ade66971b59e113813
SHA256

4e4a673ea8e868fbe82b0f5f47694b025e93e58be36144cbdd38bcd0a0dadb3a
SHA512

b7b06dd1f60ebb7b521a3fd1ec2686c87363378ff681b6f95f5cae75eb5fdaa5a1141a0875b8e83779dd53a3744d7c9d2026169e31f107f535be6f96df2649c2
SSDEEP

3072:DxEjZjteFA9gH31MZ8Sp0QkB2uUSa6caJQDXRsvZbKpn9K/4BQQbmG:DxykFA9K1M0y2tVgn44GQbmG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28
PID 3060 wrote to memory of 2208	3060	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0759a9848394a0323b66ef3f8b622625_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0759a9848394a0323b66ef3f8b622625_JaffaCakes118.dll,#1
  2⤵
  PID:2208