a4ce25fb92591a4aa355b28f9a854490fc821bc1a19e587d19bf9d47b4b1630b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 01:26

Target

59e666221943edace4e1a40801f717eb_JaffaCakes118.dll
Size

44KB
MD5

59e666221943edace4e1a40801f717eb
SHA1

4ca6202c5c2f54859d6b6c439093783d86f12747
SHA256

a4ce25fb92591a4aa355b28f9a854490fc821bc1a19e587d19bf9d47b4b1630b
SHA512

4777f6028ff23d5779856600714a3455bf811c45615100ad956503e5473f529266f0ee6b65d5d1c16a4e97b1cb9eeeb6d5d5e8cfb2df333e26b2998dd767fd5b
SSDEEP

768:Qx+d8neg7szGjKbtRJ53FeuF8hQJM4ToUyQz:s+KneMsrtb5tOqoC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30
PID 1328 wrote to memory of 1864	1328	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59e666221943edace4e1a40801f717eb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59e666221943edace4e1a40801f717eb_JaffaCakes118.dll,#1
  2⤵
  PID:1864