b42a575c36c233586706916037a2e95ba190269ba7eb835f337476d14f5730df

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 00:56

Target

478a3d7dd5705511914d43265e589d1f_JaffaCakes118.dll
Size

98KB
MD5

478a3d7dd5705511914d43265e589d1f
SHA1

1b134e656027ed5ba353de3076c9fc56a72c9220
SHA256

b42a575c36c233586706916037a2e95ba190269ba7eb835f337476d14f5730df
SHA512

479dd535cf5445ca946ecd8ed4caf62a768659227fd493f740eb144077b6b8228edb817e734497f1e5a44508366c98a4d11e4aef106a9ee3c70684711e7e6203
SSDEEP

1536:gWYasZ6D3Zgz+Vwbpldr3BrVMjutffLZlfJ5rM/k:gWycTC+Oddr9fHfJ5rM/k

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30
PID 588 wrote to memory of 1636	588	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\478a3d7dd5705511914d43265e589d1f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\478a3d7dd5705511914d43265e589d1f_JaffaCakes118.dll,#1
  2⤵
  PID:1636