b6dc0f3a9b9c6d5bdee9a2f4672e31cb1b6d8a29dbe692afeedf933772398c9d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 05:40

Target

4873d03bcce20f6ee790dae664f08d72_JaffaCakes118.dll
Size

26KB
MD5

4873d03bcce20f6ee790dae664f08d72
SHA1

6f3f77d281a76b8e6952160129d570c9121d776c
SHA256

b6dc0f3a9b9c6d5bdee9a2f4672e31cb1b6d8a29dbe692afeedf933772398c9d
SHA512

a0e1ba36ae4a98998fab1584b6564f9423ff0f114cbc2df548dca58a41692845c178a7db79fff248ab63dcf5c8830685d9d13d8bd2bf8f89532293fa5dba16e4
SSDEEP

384:35m008E9N4NJI9LmFKZxGvAEio77bicN8oN3vZa7xh2RaRLwgB7Z8:I008NI9LpZxG8o7KcuoBQ7PfRMgB7Z8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30
PID 1820 wrote to memory of 2104	1820	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4873d03bcce20f6ee790dae664f08d72_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4873d03bcce20f6ee790dae664f08d72_JaffaCakes118.dll,#1
  2⤵
  PID:2104