72876204f286e816050d39fe21a66910906bd51c349f43d8ba16ffac6cb8d426

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 12:43

Target

45dc085bfe7c3da72a7160f841742afd_JaffaCakes118.dll
Size

176KB
MD5

45dc085bfe7c3da72a7160f841742afd
SHA1

b01a21e6b5fc63e4ea6d881043771e2ba4e958f7
SHA256

72876204f286e816050d39fe21a66910906bd51c349f43d8ba16ffac6cb8d426
SHA512

49ac811e19e5c03c4860e5a3ac800dcce63d5ff08fdc690005a47adfc289379b4cc09a74753faa0dddf21f501f5081cc17ee14635577205c6f31dde1c8fe8a26
SSDEEP

3072:P/7T17mNOd9zhJ6ojg2BJ8oSIHxsTcfokHn3gs7FOCQHZMkMRwQkJ7ZzHPRa:P/7FmshIi5JHxsFOwSvQ53MRwxxZzw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30
PID 2356 wrote to memory of 2368	2356	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45dc085bfe7c3da72a7160f841742afd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45dc085bfe7c3da72a7160f841742afd_JaffaCakes118.dll,#1
  2⤵
  PID:2368