7d2d76edcfaf54c07a9a352ddd92e8a5debc25b2506cf607495792774807d77e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 05:49

Target

4d0c91e41e82a4ca5faeae1df595037f_JaffaCakes118.dll
Size

33KB
MD5

4d0c91e41e82a4ca5faeae1df595037f
SHA1

17758f0c302590923f73e4eb853063f26193a658
SHA256

7d2d76edcfaf54c07a9a352ddd92e8a5debc25b2506cf607495792774807d77e
SHA512

27c3f46efcaf5afb46da80e20c2aa65a06cb2d203f8cc79def02159402c24e01076763bba1262bcaf6a8496660a63f0ef9d0ede286914f2216535e9448e0c941
SSDEEP

768:DnPYvZLnZ0icDVov3Yq7pW/PB7cOfRERzSL:TPYvZLnUVOb7pW/GqERzSL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30
PID 1528 wrote to memory of 2560	1528	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d0c91e41e82a4ca5faeae1df595037f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d0c91e41e82a4ca5faeae1df595037f_JaffaCakes118.dll,#1
  2⤵
  PID:2560