9f3bf80b05ffa576c1009ec6e91eab82ca01eb46a82f9105f81b3db587a5195e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 03:38

Target

37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll
Size

187KB
MD5

37918f717d1e234ceaa8715d615054d0
SHA1

17fda5fca96cee14ac008d6b546a6c91dd3ae59e
SHA256

9f3bf80b05ffa576c1009ec6e91eab82ca01eb46a82f9105f81b3db587a5195e
SHA512

d5d733345c23575eb4adad88db4b650c363b01622d80dcbe64d55087d8cd9f9fcd6a3b510f3bfa449ddd54f068487249a1c073fac6bfda58c9b6601c850049dd
SSDEEP

3072:5/NrMHpfUkW+AvBMG6G38ZIVOd42ne/X9PsYVcAdOHU5VFWc:ZdMJ8kW+AvBMG6G38m4T+9P1rdLrFWc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30
PID 344 wrote to memory of 2720	344	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll,#1
  2⤵
  PID:2720