a40ddfdf1f38013c30f7b2b3a3777d11443791b38c620cff369b58a96e6a7afc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 06:37

Target

19244e43cbc3287586220dfea6e73260_JaffaCakes118.dll
Size

145KB
MD5

19244e43cbc3287586220dfea6e73260
SHA1

76cd79f83cf87946140c165c0686c65da0b95e06
SHA256

a40ddfdf1f38013c30f7b2b3a3777d11443791b38c620cff369b58a96e6a7afc
SHA512

c662e7d035538953e8c0903a7fc75e1fa186b979dd06d1b4d4215fd8100a17db0d5d77ad99c5f25020ee8099acb2eccbe959833ec4509777b9438148d9e6f921
SSDEEP

3072:yuoPFUBG34Nui9Lb4MVTQ5eD9EpeWPSfquLwlufy013O1c9Z:yjUBGeVV65AExS9y013O1c3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28
PID 2192 wrote to memory of 1112	2192	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19244e43cbc3287586220dfea6e73260_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19244e43cbc3287586220dfea6e73260_JaffaCakes118.dll,#1
  2⤵
  PID:1112