6547967c8a02787a9c8c6e88d652e3b85db483d4b7adaff4777f2c1fba0b69b4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 16:10

Target

468dcc15f495076f5719a06409221efb_JaffaCakes118.dll
Size

48KB
MD5

468dcc15f495076f5719a06409221efb
SHA1

2ebf160355ac9bcae742bc9e5e71ac992e224a00
SHA256

6547967c8a02787a9c8c6e88d652e3b85db483d4b7adaff4777f2c1fba0b69b4
SHA512

cacff0fa03add84114377e5428710980b6dc780b8eac5f9f2d08a65ac3febbda5ce7a51859338f718b2962b7a12c1addeaa7119e3398db802b7405a3a1ab9a87
SSDEEP

768:TDFNaO56IxXeZavz8ZqcF6BwgpZ/eKoR42tBDP:lNJ6IxugvzkqpBwwZ4pnD

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28
PID 1852 wrote to memory of 2244	1852	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\468dcc15f495076f5719a06409221efb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\468dcc15f495076f5719a06409221efb_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244