a4ca1c903bdef1738f0f148e6a86b486e48b5bf6686e2c2277881bc1a730f46e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 21:45

Target

321801d5c7d6d4f7748ea38aecd6bac3_JaffaCakes118.dll
Size

95KB
MD5

321801d5c7d6d4f7748ea38aecd6bac3
SHA1

e06ed5e4ad82372ce41e4c2a42afe81091a2e297
SHA256

a4ca1c903bdef1738f0f148e6a86b486e48b5bf6686e2c2277881bc1a730f46e
SHA512

96dc68c1c1d2ba70810812e6e9fcee9e65bb941c251f996f840c2ea1ade0eec72f4da8135579147f6ca084164da916a40d6bb6ef27d29d6a2e96fc114b53e165
SSDEEP

1536:1xV9Th1hTqHuqFGdx7NDS/k9PxYbE/noQNOaqF1X1cZZVsLqjqgq/qDqoqRqaq:1x3Th11qFYS/k9iEQQ6F1X1cXVsLmh2L

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30
PID 2292 wrote to memory of 1208	2292	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\321801d5c7d6d4f7748ea38aecd6bac3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\321801d5c7d6d4f7748ea38aecd6bac3_JaffaCakes118.dll,#1
  2⤵
  PID:1208