43a1fe8c883543e0ccd9dd76650a7b32f53f8411bf4331c297a7c00cb7342e38

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 06:06

Target

488ab69bc012f10b1bf70e52d933d9c5_JaffaCakes118.dll
Size

157KB
MD5

488ab69bc012f10b1bf70e52d933d9c5
SHA1

383add3b879e067e32b0e8bb1f3ed6a889465be4
SHA256

43a1fe8c883543e0ccd9dd76650a7b32f53f8411bf4331c297a7c00cb7342e38
SHA512

75051ff2083a0c198c2e0116275128df53d7781194cac04c9b52e4e846ec83b11a66d96d90da83a566c4ae2eeb425745d95d9134733e6a534e68649eeec78481
SSDEEP

3072:JX/VvZy8cwFhnAEzp/KFN/uX8FqxmW5F8U927fwbB2dSgypMZg5tmuE:JXNhy87nAU/K2XKqAW5Fy1SagA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30
PID 2840 wrote to memory of 2424	2840	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\488ab69bc012f10b1bf70e52d933d9c5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\488ab69bc012f10b1bf70e52d933d9c5_JaffaCakes118.dll,#1
  2⤵
  PID:2424