1b74cc63429dd67f045f290dfd1b4b2fd8299d03345451fac1f676b8e9dccd94

Analysis

max time kernel
15s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 14:52

Target

3dd30311614dde53918eda740c1db959_JaffaCakes118.dll
Size

118KB
MD5

3dd30311614dde53918eda740c1db959
SHA1

e5c77807e835e07ac9ea746f60bf99508b3b4636
SHA256

1b74cc63429dd67f045f290dfd1b4b2fd8299d03345451fac1f676b8e9dccd94
SHA512

1e24fa380a50e3c439ef92ecde6291ea77ed87a0251a9ec8e311760298ce6de2d85c91379976ec885b29adb940712cc6d5545e5463671629d9b8029cdd426b85
SSDEEP

3072:jHyP5HyZJ4tjPAwGMwNKJqlQ7lya2xk5GZ+tGNkBbUVjK:jHOHgJYPAwGMTql4lVAYjLB4xK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29
PID 2400 wrote to memory of 2300	2400	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd30311614dde53918eda740c1db959_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd30311614dde53918eda740c1db959_JaffaCakes118.dll,#1
  2⤵
  PID:2300