00c1f057588b328a726a1b69232e15a7687df766ebc40b98afef18fc6009b2f2

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-07-2024 01:25

Target

32c5c0882814034e7e2292fc82462379_JaffaCakes118.dll
Size

277KB
MD5

32c5c0882814034e7e2292fc82462379
SHA1

4f96b9df07266bd725fc6ca4a10d72564134d2ce
SHA256

00c1f057588b328a726a1b69232e15a7687df766ebc40b98afef18fc6009b2f2
SHA512

89619d7f9881b3c16db7d0db64ee72b3413de6020c19efd8c4e2b1791704e73fd5e415dd29d265f4134c3f444cf6fb46513a201090c2aa42600874606d59fbff
SSDEEP

6144:xCiF1oHiIfe86vCZsaVhUzxpAaDPC+7vppBYpZVj60/+tXrhmoSU:xvFKfe/EiXDK+HGZVj6z5hmoSU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30
PID 1892 wrote to memory of 1796	1892	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\32c5c0882814034e7e2292fc82462379_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32c5c0882814034e7e2292fc82462379_JaffaCakes118.dll,#1
  2⤵
  PID:1796