0104109235b5c544db0a83cacedfa86a6b0eb61d5860c3b3ff574eb6fc44757d

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 04:39

Target

3c02ce20d6c17d11b99eb77ab23755d9_JaffaCakes118.dll
Size

37KB
MD5

3c02ce20d6c17d11b99eb77ab23755d9
SHA1

48b95aed2ad80844470d699344e1c07bdc22d771
SHA256

0104109235b5c544db0a83cacedfa86a6b0eb61d5860c3b3ff574eb6fc44757d
SHA512

add20d5d802799799f6edfa8f8ba47267329b149980baa8ff1a876b6cad2b006b0aed4a2cdcecb4952c3404d55cccd25f43fc0faae8287d5c2a36278c87d2de1
SSDEEP

768:6K/ul8oMQx7g90OrOrwg2RqCJnuCx9EPH3FZE0bma3lag:/Wl8orxomcPJus9EHrrX3lag

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30
PID 2316 wrote to memory of 2368	2316	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c02ce20d6c17d11b99eb77ab23755d9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c02ce20d6c17d11b99eb77ab23755d9_JaffaCakes118.dll,#1
  2⤵
  PID:2368