fcdb89e203271dbfd04df70e9c8953804df8f145a22f493ec069ee2c64d2dacd

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 03:45

Target

20f92b21353a8c97da6cd8b917a21717_JaffaCakes118.dll
Size

4KB
MD5

20f92b21353a8c97da6cd8b917a21717
SHA1

e7401b18b47cb36a5ab01276a13ab2081a47e4a6
SHA256

fcdb89e203271dbfd04df70e9c8953804df8f145a22f493ec069ee2c64d2dacd
SHA512

40ea16291e3bc01503186f118a5a5e601763266b85dca3603cc0d9f15f547e688ed2d51268867898347ebb647536ea683ddcfe653c63e5fb8f81203a2ae752e7
SSDEEP

96:ZqQqGE1CpAxd2m6r08nGGSU+csP750InJzUuvUh42n:IQqG+xdJ6jFj+7P75PJzV82E

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28
PID 3056 wrote to memory of 2232	3056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f92b21353a8c97da6cd8b917a21717_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f92b21353a8c97da6cd8b917a21717_JaffaCakes118.dll,#1
  2⤵
  PID:2232