4ded78d955fb417118d0984889fa2b26d6c37ad073db41a3667666db6d461fbe

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 09:09

Target

21cf3050428a6fa58b52dc6f676834dc_JaffaCakes118.dll
Size

532KB
MD5

21cf3050428a6fa58b52dc6f676834dc
SHA1

53dee8488c701dfbd4a032727e1c3995c03085f7
SHA256

4ded78d955fb417118d0984889fa2b26d6c37ad073db41a3667666db6d461fbe
SHA512

45bfa7369022db85ebf466b4522b09c542adb7a4d40c0304f38a643cb37dabda1fd9bdcce1da70783a6f2a2b08146f486f53e0afcd0ac20ee511cb9d4ef2bb77
SSDEEP

12288:cD7QEjCEGm1jFaaKkZAjFu3rCAeDZr6T:cPQExRFvKRFu3r1T

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28
PID 2216 wrote to memory of 328	2216	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21cf3050428a6fa58b52dc6f676834dc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21cf3050428a6fa58b52dc6f676834dc_JaffaCakes118.dll,#1
  2⤵
  PID:328