d4857fdfe1186f866b3559465e10a4275d783f0736445308ac21e36e20813239

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 03:02

Target

2468326eb67688ae97978cd6c99af926_JaffaCakes118.dll
Size

120KB
MD5

2468326eb67688ae97978cd6c99af926
SHA1

7bfbf238a9a3a1ba386585ecf8b4f0fb511835fe
SHA256

d4857fdfe1186f866b3559465e10a4275d783f0736445308ac21e36e20813239
SHA512

c5b4378d578de7bd5ef79d045dd62fee316e3bc240de4a7494d41f4b3275ee50d8f43bdf916ed6d63f0d881dfe34e4dd40846adba35c9383431d9f2c69f1e916
SSDEEP

1536:A2ev0tK3JwjqAhc8NBTOEQdN4v51s4n5vdMjqpp8/ka51D8jXOS6P:Azrl9KOEQMRi4n5vdjpA5146V

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28
PID 992 wrote to memory of 2300	992	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2468326eb67688ae97978cd6c99af926_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2468326eb67688ae97978cd6c99af926_JaffaCakes118.dll,#1
  2⤵
  PID:2300