469eae527c618571d18b8bbdd46fcbd2ce2034fec3b6d9265378db2ed87955de

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 08:35

Target

40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll
Size

64KB
MD5

40f2b60b0c9c56f5312678fbd29d38e9
SHA1

5bcfd942a380eb15634607c6f87ec39464b6fc78
SHA256

469eae527c618571d18b8bbdd46fcbd2ce2034fec3b6d9265378db2ed87955de
SHA512

24d593c200ea8c0a9e7143f4bc8cc5fad18a5b1b48f566ae1e2d5c2f2ffc916bf27c231b831aa4e8d75607916e0bd6bb87a9b1a3d904c3103029750fa086d80a
SSDEEP

768:jHLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3q3Z:jWaC+Ltq1lyTCM8nzN4los63Z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30
PID 2692 wrote to memory of 2756	2692	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40f2b60b0c9c56f5312678fbd29d38e9_JaffaCakes118.dll,#1
  2⤵
  PID:2756