20a1670f7f5c339d5afc505e0c77ad10c4c912dab3b681cd1e68e89f25c44411

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 03:47

Target

4815b1ef83fe99c197959eb71902ee28_JaffaCakes118.dll
Size

36KB
MD5

4815b1ef83fe99c197959eb71902ee28
SHA1

9b9c80678ea2b1fe611dfff9d88c50cd6f09a662
SHA256

20a1670f7f5c339d5afc505e0c77ad10c4c912dab3b681cd1e68e89f25c44411
SHA512

703edae6388971c2a739b95598fb7f70144ad2c5c2823de02145068b27bcefa45ae531382e230cb95c73f2764e3641c43fcd097f61414912428582e2ab8db151
SSDEEP

768:bldjeazLJ73PSindj9tuVqFqH7Pdvlr5hCD8ROjMV:bjjeUJ73PRtuVq67F9lQgROji

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30
PID 2448 wrote to memory of 2444	2448	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4815b1ef83fe99c197959eb71902ee28_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4815b1ef83fe99c197959eb71902ee28_JaffaCakes118.dll,#1
  2⤵
  PID:2444