74ad5c06560a71faa2af226c95468480845a04af8dd1bde6cefb641cfde72ae0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 14:09

Target

39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll
Size

71KB
MD5

39732f89c537c930a7473cdd3139f451
SHA1

e4cb3bb0036511bc28c9626e692d498498da1b01
SHA256

74ad5c06560a71faa2af226c95468480845a04af8dd1bde6cefb641cfde72ae0
SHA512

267af967385dbedd80f67b472bed2a53348ee894424d4576ad4cf90bee4e73d2cf192c66d66ef3f495d98d39bb04d338a1a264cce0fe7368ff180f463eaae8ed
SSDEEP

1536:n+ukDMfPy3Pzm46jqD2lJfcJ2enJI9BC/z4toaf1000:+uiv3s+2gMeO9k/zcf1n0

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30
PID 1908 wrote to memory of 484	1908	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39732f89c537c930a7473cdd3139f451_JaffaCakes118.dll,#1
  2⤵
  PID:484

memory/484-0-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download