a7225d80fb20049a1cb2ccdbab239c7be895f0eb56ee7ffa42d6bb47727353b9

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 17:14

Target

232a454ac21e514c999c623fcc178b5a_JaffaCakes118.dll
Size

628KB
MD5

232a454ac21e514c999c623fcc178b5a
SHA1

4883be14f93bb7a886f1654a91f53a9881226ce6
SHA256

a7225d80fb20049a1cb2ccdbab239c7be895f0eb56ee7ffa42d6bb47727353b9
SHA512

b1379278819c83742ecee8cd381e3fbbd514824bf3739fcd08882a68b0391b5713da27a7c6aadff9909f5f79ccb219be763390b028c4ad4dbb1a4c8dd241c039
SSDEEP

12288:HflFLr0rqSkgM3ICXBHNvFQu0fTPC6b3PiFaob1gsiFbsePPTCvOnZvT9UI0TK99:/rHgk79CTPC6bfJPFbsePPTBBTeTe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28
PID 2076 wrote to memory of 2020	2076	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\232a454ac21e514c999c623fcc178b5a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\232a454ac21e514c999c623fcc178b5a_JaffaCakes118.dll,#1
  2⤵
  PID:2020