3d32d4d2b281ada3cda83620b5be4a131e9c54c83be1cd0004d612ec0ca83585

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 01:03

Target

479018c8cca529e8476fffcaabc91e1e_JaffaCakes118.dll
Size

42KB
MD5

479018c8cca529e8476fffcaabc91e1e
SHA1

cdcba7aa7453dfe3267247c3cdb4182a3f66fc6a
SHA256

3d32d4d2b281ada3cda83620b5be4a131e9c54c83be1cd0004d612ec0ca83585
SHA512

1625d5ab82e1fa7229532651c19252efd9c826676294b2bab4fcea0b6e7dc9171a634210e3bb54f1b8df2936fd622104ad8a9a699c8f5e08ab8908f405616fb6
SSDEEP

768:+mMwI5+jK/+fL4F9jaQbhbanF0OCw2n18tbNTjZ7O+QcQs4EPHeW5:+V5+pTg9jl4nHCwC1kxTjZC+QnEPHeW5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30
PID 2236 wrote to memory of 2664	2236	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\479018c8cca529e8476fffcaabc91e1e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\479018c8cca529e8476fffcaabc91e1e_JaffaCakes118.dll,#1
  2⤵
  PID:2664