15c271c4bbba20988c836c2db103ee66fd56003d0fcf8c3098b0b75d38351e63

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 11:00

Target

38d7812656e21f875303615e01f32004_JaffaCakes118.dll
Size

32KB
MD5

38d7812656e21f875303615e01f32004
SHA1

519d446033dd483308ce4e8562be46c630e402f0
SHA256

15c271c4bbba20988c836c2db103ee66fd56003d0fcf8c3098b0b75d38351e63
SHA512

848fc4b30cb709072471f7a376533b3a4e0d8b12f8835a1b88c8838176970773897162f24479847768f38b3b250df458c021002bc01f18009c54d81fae554e1c
SSDEEP

384:Y9NqL0mh9NfNryPHkx0bzSYAk8kVfO5Y4ZXXqGa/77y4gk+vjt4mt6dyRH+eZvvd:IqLJLLEIkVf5/75L+vjGm4dA5ZCR+p

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30
PID 2668 wrote to memory of 2632	2668	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d7812656e21f875303615e01f32004_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d7812656e21f875303615e01f32004_JaffaCakes118.dll,#1
  2⤵
  PID:2632