391e1d516389799d5112c07818d8178685183864dbf1584a6c73e82ab0396278

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 04:25

Target

4ccadc8a52d4355d154df5739e66a51b_JaffaCakes118.dll
Size

40KB
MD5

4ccadc8a52d4355d154df5739e66a51b
SHA1

6443714f98fefddff60609b96a65588bc6129a4a
SHA256

391e1d516389799d5112c07818d8178685183864dbf1584a6c73e82ab0396278
SHA512

71b9e4f192f69d7f3025f252794ccb1c4f806291551ba8a43402336a5c915dafff604b77e5e4647b3a149c910f89736f3d3d6cbe87a300ea931bd96662cec507
SSDEEP

384:MTaJGr39YEG+niamXUmj6rRtJgg20PbaT0ze9uX0RS1BbRVhLjt4NTW/Wvoi:MuJC3AKxmurRtHIAe0ERabjh/ONz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30
PID 1616 wrote to memory of 1676	1616	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ccadc8a52d4355d154df5739e66a51b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4ccadc8a52d4355d154df5739e66a51b_JaffaCakes118.dll,#1
  2⤵
  PID:1676