ad1897008fcac5d4b1f9a71df640a55833ddcfb75cf757db7c954dc7b06b7195

Analysis

max time kernel
14s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 03:00

Target

37742d4b5ab117e6c004efd2685bf47d_JaffaCakes118.dll
Size

91KB
MD5

37742d4b5ab117e6c004efd2685bf47d
SHA1

3abfe8ea49d9d6f73ae6524b33a012e287163abe
SHA256

ad1897008fcac5d4b1f9a71df640a55833ddcfb75cf757db7c954dc7b06b7195
SHA512

6711741e06e88d612cd1e1feb1873e20a39d7693349825e798a59fc88e20d68a83f726f42e1d4ff7f64d27f0b2598ba5702c60ce8158faa08112c603b8662b07
SSDEEP

1536:aKScZUEIU0HSPrgOhV5Tu8P5/0nxY8E7n4Ggqflk0b3:ZScTP3V5jPWxYn7TZ3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29
PID 2296 wrote to memory of 2300	2296	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37742d4b5ab117e6c004efd2685bf47d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37742d4b5ab117e6c004efd2685bf47d_JaffaCakes118.dll,#1
  2⤵
  PID:2300