4dcfa8a7d09ece10531db1161fdf671098b1ca397db47f0bc23c5f3dbbe6d998

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 11:15 UTC

Target

285a17f3ce539962cab473641e99df57_JaffaCakes118.dll
Size

52KB
MD5

285a17f3ce539962cab473641e99df57
SHA1

0653ea17f12b1deb6fee5df7dda1f777e99f98a9
SHA256

4dcfa8a7d09ece10531db1161fdf671098b1ca397db47f0bc23c5f3dbbe6d998
SHA512

36374c09e6a3bb5c5b68760c372f1fb012855d281a34df67c76eec2ac3bfbd831fc1a52258dcc01ca6b458057e46e49f137df7d4cd0bddb5e4c91278b11be677
SSDEEP

1536:gtVp+GyKxPZP2mSPfO60uLi2KedZOtLLh4M:gP9tJwmdyZOtLLh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30
PID 2732 wrote to memory of 2736	2732	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\285a17f3ce539962cab473641e99df57_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\285a17f3ce539962cab473641e99df57_JaffaCakes118.dll,#1
  2⤵
  PID:2736