193aa0bf855f99016ba65a37aab1b0b208341eb7b980d0d62da505c48e9bba46

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11-07-2024 08:58

Target

387a7cea6d58617891574de146e010e6_JaffaCakes118.dll
Size

32KB
MD5

387a7cea6d58617891574de146e010e6
SHA1

a311c77554cfa725b9a2a75651478573410b71b5
SHA256

193aa0bf855f99016ba65a37aab1b0b208341eb7b980d0d62da505c48e9bba46
SHA512

eab00f5675b55445ffe76068b6c1f9762f832d6d9e11aa70ec9d3fe3e1055827c96de77e26053d9e055d6bd86cc178aca3180ea47dd0dcf1c53f8a570fac4137
SSDEEP

768:W7FFX0ogrmCSc19EkWQ75MM+li34iDzhqDFRWFT8:W7F1gr0c19d75MVlhCkxRWFg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31
PID 2468 wrote to memory of 2292	2468	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a7cea6d58617891574de146e010e6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a7cea6d58617891574de146e010e6_JaffaCakes118.dll,#1
  2⤵
  PID:2292