05ccc4fdf596c61556c3adc14f7a0e3b7e9bc63fcfacfa67f67365f4761b249c

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 21:46

Target

3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll
Size

37KB
MD5

3218f1bb667ec01feeafed3b343c5c00
SHA1

a53681e613fbaffd8d08cc7acfe2e9ee10b3f04e
SHA256

05ccc4fdf596c61556c3adc14f7a0e3b7e9bc63fcfacfa67f67365f4761b249c
SHA512

39fdcaa943db2d16758e2aad13f89aad2ca0c00c91b5d7bbb80935370ee93fc4d0564430b1cd00b5c8ba87ac2d292410f09101f97f91544ec4a295786a14fbdb
SSDEEP

768:DoPNMi9s1QHrtosVGQecMrChD7IQilN41SVObyyTRv:kPNMo+QxucM+97IflNN6TRv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30
PID 2308 wrote to memory of 2456	2308	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll,#1
  2⤵
  PID:2456