1bbbf0dc32e45ed0cac79e163fd77aa5e4cb1ec160233d41312ecce62edf1086

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 15:13

Target

39a5a7edeff38a97a58638c900707e32_JaffaCakes118.dll
Size

34KB
MD5

39a5a7edeff38a97a58638c900707e32
SHA1

904c571d397a65492c8dec747c650c2cbc6eed52
SHA256

1bbbf0dc32e45ed0cac79e163fd77aa5e4cb1ec160233d41312ecce62edf1086
SHA512

26eaaf04a2963c7af8d570a8d9a60efaaad449554da4e72459f05ccfaa3d5f6438cffdc869bc4b4adb96a20a7865b28c36dd6c6630cc4d237f860f83ec087c29
SSDEEP

768:qY25eVYZvTqq6bbP4Zrf7vn4DT+LOqhnP9ROh:h25eSGxP497vnUipVROh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30
PID 1996 wrote to memory of 2084	1996	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a5a7edeff38a97a58638c900707e32_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39a5a7edeff38a97a58638c900707e32_JaffaCakes118.dll,#1
  2⤵
  PID:2084