439aecc84a29c048c3ee078ed984c6bf74711d83cad89a961e7df8c2ea4f6ed5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 04:23

Target

37b0a3da732d527623d3d60898250452_JaffaCakes118.dll
Size

117KB
MD5

37b0a3da732d527623d3d60898250452
SHA1

70107d59754eeb4eb8f387c4e7af6010741468e9
SHA256

439aecc84a29c048c3ee078ed984c6bf74711d83cad89a961e7df8c2ea4f6ed5
SHA512

04f0db46da4a9c65936613df7f73e46b63012d7bea2afabe1c4606d1656fc33d8cf312d49ab5b02918c342036c5b0b1c38a7030913615368a24694e4b862d516
SSDEEP

3072:JyFwFD6HDIgRAD+rG8RsaESUjx/kKYjzp:UFjHm4G0JGjxstjN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30
PID 2708 wrote to memory of 2176	2708	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37b0a3da732d527623d3d60898250452_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37b0a3da732d527623d3d60898250452_JaffaCakes118.dll,#1
  2⤵
  PID:2176