20ee05de27d52b89bb3fbdda6b1b29c5b886c320b13539db22c2f2a13845728b

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 04:30

Target

483a73a54781ba9880ce3c9a3b1f6b7b_JaffaCakes118.dll
Size

63KB
MD5

483a73a54781ba9880ce3c9a3b1f6b7b
SHA1

3e1ae9be218665ad6c3f6c0fada8c3f06cfb113b
SHA256

20ee05de27d52b89bb3fbdda6b1b29c5b886c320b13539db22c2f2a13845728b
SHA512

1ec53d8bd01ddf09ad513ed65cf93d07ee620dd46ca873d58768c9e09a2f0ffaf9f63dae3a2f6ed19ab90c2ac397934bc3f4766d9005501d3099f3f9c9409f0f
SSDEEP

1536:EGjTaCCvSoeVbxKNZ/LHobJB9cf3z68nWa:EGjTa1BjNZ8JI/e7a

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31
PID 2632 wrote to memory of 2428	2632	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\483a73a54781ba9880ce3c9a3b1f6b7b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\483a73a54781ba9880ce3c9a3b1f6b7b_JaffaCakes118.dll,#1
  2⤵
  PID:2428