1511722f959314a28462e29dc9869e7271763ad9bacea5a1754c57f7a55d5b4e

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 03:08 UTC

Target

3313ddd69a1b2619aea6adf5db7790cd_JaffaCakes118.dll
Size

24KB
MD5

3313ddd69a1b2619aea6adf5db7790cd
SHA1

ce4b54c579ef6812768f1980c9e8c0f4fe4fc2d4
SHA256

1511722f959314a28462e29dc9869e7271763ad9bacea5a1754c57f7a55d5b4e
SHA512

f7e048c1bf74646437c0b2e825bd364e79d535e87cc6e0785e83aa9faca86e576095a3e2a1b86da62c3a9b59f4c03242841ec6d6aa5298a891faa49ca6830469
SSDEEP

768:Meg6IxbSPiXDzkGPkRuxPRUwjAQHbClOdDOjI7:nRupRUwjAQHJDOjI7

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30
PID 2876 wrote to memory of 2644	2876	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3313ddd69a1b2619aea6adf5db7790cd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3313ddd69a1b2619aea6adf5db7790cd_JaffaCakes118.dll,#1
  2⤵
  PID:2644