3a010e0b0a6086b5da4dcf8d128ead2db689b712519db640865d7ca95181dc97

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 09:03

Target

4da27989d77e6c47b8a70df6c27ce3c9_JaffaCakes118.dll
Size

128KB
MD5

4da27989d77e6c47b8a70df6c27ce3c9
SHA1

1f86e214e78b4a83e7c629618fc5873b968540f4
SHA256

3a010e0b0a6086b5da4dcf8d128ead2db689b712519db640865d7ca95181dc97
SHA512

21fa58e73a80194fbfec54fa598a2d87ba14c854af9984bf8e6f19ef4a66a2a54ea214d39ecaaab28fb4ff93aeb0b1e26fcd3dcb7ffec3dc5f01ecfdfdef66cd
SSDEEP

3072:wl14d7DeZUypikPwdujmafSKxDbGjZgy7UKBKQvifA:wmiSyBodu0Kuv1vm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30
PID 2160 wrote to memory of 2028	2160	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4da27989d77e6c47b8a70df6c27ce3c9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4da27989d77e6c47b8a70df6c27ce3c9_JaffaCakes118.dll,#1
  2⤵
  PID:2028