831561b30500433d71966ad3badbb37c679d9a7873d744a3260f2d3746dc9380

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 00:02

Target

180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll
Size

97KB
MD5

180b43f4225dbd427a41787bcf54e605
SHA1

9a57f12b39db8d5cba546e62ae2ce859851741e8
SHA256

831561b30500433d71966ad3badbb37c679d9a7873d744a3260f2d3746dc9380
SHA512

507c40515a5a7a9a83713e51b1f24773a2c92cfc624ab4db56a96104e1fcfc461d0d3313199c64c348bcff28d0de915b75ca5bd192718cbfa442d5140d8b8722
SSDEEP

1536:doqqmWMziXV8Kq23Jo41wpMb5PmlYfww7mFjCGy/SAb2tF+Wnd5h+:SqqmW+23JbIFifww7a9uStF+y5I

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28
PID 292 wrote to memory of 1976	292	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\180b43f4225dbd427a41787bcf54e605_JaffaCakes118.dll,#1
  2⤵
  PID:1976