afd4d6c35bc911c840db9b1db00110cf6566fe2afaf1334a41c77644d9c02c7f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 08:10

Target

154601f6e8c6fb4e1a94587a56dd478e_JaffaCakes118.dll
Size

28KB
MD5

154601f6e8c6fb4e1a94587a56dd478e
SHA1

63403ccfb66b865fec1658339cb39195ef7f3d4e
SHA256

afd4d6c35bc911c840db9b1db00110cf6566fe2afaf1334a41c77644d9c02c7f
SHA512

f8104bbe0709f95f0ed21e9295fa4373d64851439d8da1f5af8e42c395078547095b20decbd4f466bd72c07ab7f62c64881dcccf835527a2d0b9afb4c7ebf9e6
SSDEEP

384:uJT6weNh5tkgg8DuYXizDhgWslAxWiMje4wN7SfQpDLbn2QtE51Tl3JQ54LTqSfL:HvfKf2WUAMje4jfQpDL65x5+54KSf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28
PID 1752 wrote to memory of 1960	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\154601f6e8c6fb4e1a94587a56dd478e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\154601f6e8c6fb4e1a94587a56dd478e_JaffaCakes118.dll,#1
  2⤵
  PID:1960