cb372ec35eeabe87f3bed4b5eb1e954a1951d7b45841d92fcd429a7872523227

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 13:20

Target

3d8ab38d5604537c50cdebd520aa67f4_JaffaCakes118.dll
Size

49KB
MD5

3d8ab38d5604537c50cdebd520aa67f4
SHA1

1da2c4d77fe34a9ff0ee68f835b9653c772273eb
SHA256

cb372ec35eeabe87f3bed4b5eb1e954a1951d7b45841d92fcd429a7872523227
SHA512

f0073e0986532e2fb55204ab3fddaa6a9e4fd589aaca5e54b3ce618dca1595ab41ddffe51b62446705330abc0d3330081648efcd7b1b1c443551f50d068ed487
SSDEEP

768:ngzYn1YGXglXRTfGrBPmx7Rg4+G4ZWWptLiqBkjnHBN0XYooAk:n03RrOexi4UZzptLiskjMk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30
PID 1652 wrote to memory of 964	1652	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d8ab38d5604537c50cdebd520aa67f4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d8ab38d5604537c50cdebd520aa67f4_JaffaCakes118.dll,#1
  2⤵
  PID:964