e0b46ee9db07288f7345ed5a2292e09f7d04b048e77c86a3a572f7bbe6e11fbd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 06:47

Target

48ab658d032e61ab0b05ccf6ca8db8a9_JaffaCakes118.dll
Size

32KB
MD5

48ab658d032e61ab0b05ccf6ca8db8a9
SHA1

0e9b48ae0716c3b242c35995216834e10f1288bc
SHA256

e0b46ee9db07288f7345ed5a2292e09f7d04b048e77c86a3a572f7bbe6e11fbd
SHA512

24f1bd8656db604baf8da501f5fa330f122237cb3a79eb771b970129ef79cebc4662f0f7b3287900fa212b56fea92fd5a7a2687f5aba055e831b82ca0a8c3f3a
SSDEEP

768:NQ5aIdJCC8WqVFBRj/va3dhzMXOAMmNj:NQuCkBRj/WdeXOAMmV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30
PID 2692 wrote to memory of 1068	2692	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48ab658d032e61ab0b05ccf6ca8db8a9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48ab658d032e61ab0b05ccf6ca8db8a9_JaffaCakes118.dll,#1
  2⤵
  PID:1068