98a5c1ed04eacee444a4c2e53a10fd1305bd45a2c4f03c55cd5061d7388b5043

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 21:55

Target

4b920565aa13ac8ff5333bbb5ec136a1_JaffaCakes118.dll
Size

89KB
MD5

4b920565aa13ac8ff5333bbb5ec136a1
SHA1

330bb6f7997b7e0556d6334e450f93dfa57d7aeb
SHA256

98a5c1ed04eacee444a4c2e53a10fd1305bd45a2c4f03c55cd5061d7388b5043
SHA512

ce0ecf7ebbd47933e5b8ce816fc667a211ef4b6878dba57c6795aefac16488275932403dbe45c5619232ae13cd76f157c822d45e46ded4efcde55b3cf9426cff
SSDEEP

1536:S+J7RfNFkzXA0F3mkrW3Rldf/BYCljxmGU1pFzXo6g679:bJZ2XHRByBHX/l9mxFzXoQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28
PID 1648 wrote to memory of 2248	1648	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b920565aa13ac8ff5333bbb5ec136a1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b920565aa13ac8ff5333bbb5ec136a1_JaffaCakes118.dll,#1
  2⤵
  PID:2248