d4149b8870800531f598a30a097e1c922236277f7c315ba758d886796a08455f

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 04:07

Target

37a52ec622d32ea91d0cf0db4088da8c_JaffaCakes118.dll
Size

98KB
MD5

37a52ec622d32ea91d0cf0db4088da8c
SHA1

1dbdd403809d6eb5cfe299d6ee810b46948693b1
SHA256

d4149b8870800531f598a30a097e1c922236277f7c315ba758d886796a08455f
SHA512

c98e0e71299fd50fb8235f1ddb3d3fded9557fd7d91f509c4b359cdfaffcf9f77e3532d23f7c675e376ae8d77cfd1a6de04a4f96162cdb73a26c0ef1508366e2
SSDEEP

3072:nC+llOcwmiya/eSm/Igq+UDTVs74lcTisclV73e/:CkpwiamMltw4SFuVze/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30
PID 2644 wrote to memory of 2332	2644	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37a52ec622d32ea91d0cf0db4088da8c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37a52ec622d32ea91d0cf0db4088da8c_JaffaCakes118.dll,#1
  2⤵
  PID:2332