7dbc22b03e1b10a32d33e5adbce8b9e40bf7380059b7bab089ebf07c7def2762

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 08:02

Target

48e9e6c7a1d3a13a6368425a2fadded9_JaffaCakes118.dll
Size

204KB
MD5

48e9e6c7a1d3a13a6368425a2fadded9
SHA1

f8496359f87abdd057c5edc9c35e12cdffc55d03
SHA256

7dbc22b03e1b10a32d33e5adbce8b9e40bf7380059b7bab089ebf07c7def2762
SHA512

be9ba90bf03b4bc14df033a03c720fccb23d028be57ce0950da1b1be6dcafa98723870b2d8c00de1e53cb3d450c93e9f5fa79089930f400654bf8433b6724838
SSDEEP

3072:9Ed8TBk7iWpIxdyDI23HdfSkJuYb5+AnPyVL3XHSscxRYjmH0qHpcO5VS82eoEtM:k26JS2py2HoEtOJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30
PID 2360 wrote to memory of 772	2360	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e9e6c7a1d3a13a6368425a2fadded9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48e9e6c7a1d3a13a6368425a2fadded9_JaffaCakes118.dll,#1
  2⤵
  PID:772