4794dda36240666482ec2b5c2e597de048fba12b1f75cef56384510c4231a4e5

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 11:12

Target

38e05c77c8a44d81cff6d70deee6fb3e_JaffaCakes118.dll
Size

564KB
MD5

38e05c77c8a44d81cff6d70deee6fb3e
SHA1

7b5eeaff5860963889f819ea5edbc9227cc33736
SHA256

4794dda36240666482ec2b5c2e597de048fba12b1f75cef56384510c4231a4e5
SHA512

a10fe0147eefa5ae17ee74678ab6fd9b31790c07235ca725f7d6151c25c37a8dce0ac64be2cf29e74791c7325539369f642131d1538951db768cf62d67b342d1
SSDEEP

12288:hZjvk2jNNCTK6QLyAVgcFKNNJWyZ0pgjY7kUVjyPlF7cpb:fPNku6QL72NNoy/YhVjKW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30
PID 2716 wrote to memory of 2844	2716	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e05c77c8a44d81cff6d70deee6fb3e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e05c77c8a44d81cff6d70deee6fb3e_JaffaCakes118.dll,#1
  2⤵
  PID:2844