bbb93e7dae59722d59bc07bf63cd54d300afb8b4b430afc2fa9a82845a9bd424

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 05:48

Target

448f49d2507461d7010c06ef622479c5_JaffaCakes118.dll
Size

32KB
MD5

448f49d2507461d7010c06ef622479c5
SHA1

a36d9b079c220cbdac7b7e833efcba11db80b726
SHA256

bbb93e7dae59722d59bc07bf63cd54d300afb8b4b430afc2fa9a82845a9bd424
SHA512

20ee569fcb28798842d6ea4ece1cbec964e22bda8cfc5b08b8464526aeac475989e8322ee8fa7b9a5e259024239d164eadc00b5f4724a5cfa1ac1ffd7f00e047
SSDEEP

384:/0Jxhmh9NfNryPX6lVf/XTXAcO2jGYVfm50ApXzDar77y4gkSTt4mt6dyRH+ewLW:cD8LP7fbiYVfxr75LSTGm4dA5S6RECyo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29
PID 2452 wrote to memory of 2416	2452	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\448f49d2507461d7010c06ef622479c5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\448f49d2507461d7010c06ef622479c5_JaffaCakes118.dll,#1
  2⤵
  PID:2416