5968063e9465a5fee2a703dbc9a6994ce07ced771d7b650ba0d9b976de82385e

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 00:50

Target

182d977039100428846a13c3180211e2_JaffaCakes118.dll
Size

21KB
MD5

182d977039100428846a13c3180211e2
SHA1

59cbf831de5b900e9305ed2b918ca5d1301ea47c
SHA256

5968063e9465a5fee2a703dbc9a6994ce07ced771d7b650ba0d9b976de82385e
SHA512

45350c21a79d00395f6ff42c5c67b78b02c2b29bc127e031c88bed97b9e617ab2b5a95285ef56ffffde6b3e021bc4fec36d8ad54b839741f8c8b27b2f7991a50
SSDEEP

384:Yr9n+pOIEsGFWzR82Mp49jhOMP28vbNPwLdqfRy:m9n+pZGEzRLcGt5P7vBYdv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28
PID 2964 wrote to memory of 3068	2964	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\182d977039100428846a13c3180211e2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\182d977039100428846a13c3180211e2_JaffaCakes118.dll,#1
  2⤵
  PID:3068