320f84fc845aadb61d650e339d05e1de14a504080ed0d373016fcb45ad9c601c

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 21:16

Target

3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll
Size

61KB
MD5

3abda972279f61c275c4f04f7dcbdda5
SHA1

cf4cec92ebf8fbfee273dae1d3c36311cf29b6eb
SHA256

320f84fc845aadb61d650e339d05e1de14a504080ed0d373016fcb45ad9c601c
SHA512

f067840a5244219dda1b99284202939f61080db13d876ef3d04848d8e087bed3996dda2d393b1435daa293f108e595c69f5a2d1831a27bdbe5e7cbf24d4512ff
SSDEEP

1536:EGLj1u4y1XUlBD6i/Obwo2gbhKMLmzJc17Elm0Hn6L5y1:EGLj8DFg16sXuLmzu1om0Hb1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30
PID 800 wrote to memory of 780	800	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3abda972279f61c275c4f04f7dcbdda5_JaffaCakes118.dll,#1
  2⤵
  PID:780