1ce34a49247fe67c57e6a1cd8bd5dfe4c795896a4470d1a7f5b8d9aa1215eb45

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 21:17

Target

4b702c2c83a275315d5606a70e8488ae_JaffaCakes118.dll
Size

138KB
MD5

4b702c2c83a275315d5606a70e8488ae
SHA1

3a69ec0764739b046e8544d4f01ecfb2e61362c0
SHA256

1ce34a49247fe67c57e6a1cd8bd5dfe4c795896a4470d1a7f5b8d9aa1215eb45
SHA512

5b346dc0a3244ce5f6b3b6cb0152df2e533e620324f267e26bcd268061114f544a148c9134dad94dd75d7825bf91926af6ecbf1e8aaa2da1a0337bab95634cf7
SSDEEP

3072:LqoOQQjZ/WM09hlR9Ck1JjYRHXzBOT3rKTBC9zq9JcnG:LqfQQjZ/WMG7JjIBOrKlWzqUG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30
PID 2088 wrote to memory of 2876	2088	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b702c2c83a275315d5606a70e8488ae_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b702c2c83a275315d5606a70e8488ae_JaffaCakes118.dll,#1
  2⤵
  PID:2876