0490c13053e9a8443d2b7cf186f0ac6dfaabb3fda9596f96e16128e9d1792118

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 01:13

Target

3b736452b26d4436db045c91d9689088_JaffaCakes118.dll
Size

204KB
MD5

3b736452b26d4436db045c91d9689088
SHA1

b364f420ca62a1f9ce49d41520db5804e43c1b86
SHA256

0490c13053e9a8443d2b7cf186f0ac6dfaabb3fda9596f96e16128e9d1792118
SHA512

afd71e2c16b13579689c4f60f480655e49b49213b17da5e2d81ab4c617b814c07515b938e02f2c83f3b9189263144ee669f2caf6b0763ca1f5b422aa091d163d
SSDEEP

3072:4L4VDxk7xWamNdyDIRzHJc0nJ2VbWMk7V7wBkSqcmRlvmI0qHhcO5VHteGHzksws:odJv0Jl7W84swYCA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30
PID 1404 wrote to memory of 1708	1404	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b736452b26d4436db045c91d9689088_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b736452b26d4436db045c91d9689088_JaffaCakes118.dll,#1
  2⤵
  PID:1708