ad31e6b5218070c0575ec29e855179e0c830995466a9c1c476adb312fbb5cd8d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 09:41

Target

3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll
Size

32KB
MD5

3cdc328d4eb5a658b5574f47f757a0ef
SHA1

549ec726e2df36f8441996e0d35544973e5de8d5
SHA256

ad31e6b5218070c0575ec29e855179e0c830995466a9c1c476adb312fbb5cd8d
SHA512

eeb46a85fd6d1522332292c479bd9d71799a77f5569e1a30c8f999b5c2a56ce008647d10452798cd15c7257aef8026aeb44d2f1ac2c14d5d07a423ea5c7ce272
SSDEEP

768:E6doris3HEFN6sy86Qtj5Pdp7twAcj2uPey7Hq8Dr5k0OqO3QRAYWbe:E6doris+6sy86Qtj5Pdp7twAu2up7HqW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30
PID 1420 wrote to memory of 2124	1420	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cdc328d4eb5a658b5574f47f757a0ef_JaffaCakes118.dll,#1
  2⤵
  PID:2124