2abe19a300da3edf5a61c8e30064e78d3f06cc5ad897eedbf7c4685386734128

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 18:38

Target

318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll
Size

73KB
MD5

318448cd3fd73c7baa79cbbaace76d51
SHA1

137a6dbe59091598d1717fcd708287c9009c3773
SHA256

2abe19a300da3edf5a61c8e30064e78d3f06cc5ad897eedbf7c4685386734128
SHA512

d18d7b8041b05f67580b960658d4b9f17318a36b0f6d2b1b89326e1d889492c0c2ed516bedf41e8481e56d5bcf491dfded6e16915d312b1f496aa162ac0af26f
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuv:C5UOq0ukgOK2l7aFQv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30
PID 2088 wrote to memory of 2916	2088	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\318448cd3fd73c7baa79cbbaace76d51_JaffaCakes118.dll,#1
  2⤵
  PID:2916