758d7b9fba5d558bd0d0f7b08c95fa69fd8ca250bed983b976523b9176ae0968

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 14:54

Target

30d577791394c4ce3d947c576a4c2f71_JaffaCakes118.dll
Size

40KB
MD5

30d577791394c4ce3d947c576a4c2f71
SHA1

4d0e128bdfb7b49c442e71ab731cdba46a356d21
SHA256

758d7b9fba5d558bd0d0f7b08c95fa69fd8ca250bed983b976523b9176ae0968
SHA512

31733331f9241f292a64ded5049cf9c3eb64b4bdcb46c77742a15ea32421b52985d7fedf728d7b81e268ab14a8df695cf8d1114d4a2e9e17f29915a25cfb61a0
SSDEEP

768:KVmrMTqYPNZ8E3Jf7bAa747EK+X+hP6NWBoR8fTH0WW0:KVmoTZ3JfnD747d+uh8aoR6TRW0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30
PID 1512 wrote to memory of 2300	1512	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30d577791394c4ce3d947c576a4c2f71_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\30d577791394c4ce3d947c576a4c2f71_JaffaCakes118.dll,#1
  2⤵
  PID:2300