6ad8d7ce01dc8b4811a71ec380f45c4474dd95870785c8cdacce29824a978ded

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 07:12

Target

193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll
Size

68KB
MD5

193e10928586cd4a0df91d49455227a4
SHA1

68a141d8f93d5fd816235ef7e3439c1046aceb47
SHA256

6ad8d7ce01dc8b4811a71ec380f45c4474dd95870785c8cdacce29824a978ded
SHA512

b66010412292ade67918e2bd9d6d81f0207e6691f435b57f5b50eed0de4230041549fe4dacbd0d05047d289393de505f6db9cdbc2b57ffa00a055cfddafbf150
SSDEEP

768:jcOi31Bei7UPljckCEN3zMxPQiITUumZqQpgxkD6KTTybPr06SNnDsnx9Yt/DCTF:p9N3IOThknTTybPr06gnD3CX9o4M2z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28
PID 1920 wrote to memory of 1940	1920	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
  2⤵
  PID:1940