c7b1bd0bfb7ef96c14eac2ce4b07e0a9ac56e443278f030b6e8c95af2c30f091

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 18:25

Target

4ade59e7ce937a6c3493b6a2cc6018c9_JaffaCakes118.dll
Size

24KB
MD5

4ade59e7ce937a6c3493b6a2cc6018c9
SHA1

2ce1c618808a586b5e1102d2c5dc8f111646d5e3
SHA256

c7b1bd0bfb7ef96c14eac2ce4b07e0a9ac56e443278f030b6e8c95af2c30f091
SHA512

c8cc9827c957963af77bf4fdbf81e9320a15f20455f1f588ea140f6e4e53c14bb619640fcdb26fa7edc3e67a57b08eba9bc613e015465e51cad7a6c3b08fba2a
SSDEEP

192:RlmS9xWaWvd+YlSSDQ2sqImrcjjiWS1MhNP1TRh:RlmcWNd+YlSSDBsqITjeWS1MhNPh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30
PID 2600 wrote to memory of 1968	2600	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ade59e7ce937a6c3493b6a2cc6018c9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ade59e7ce937a6c3493b6a2cc6018c9_JaffaCakes118.dll,#1
  2⤵
  PID:1968