77f2649315b6105d946b08f4b4427d0c878ad8de28271d35084774ff99c44a04

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 03:03

Target

5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll
Size

237KB
MD5

5a36f2f50cdb5156b02522f871f93210
SHA1

d3682c98a0b915ac8aeb6c7f8e7b9d98a1b862f9
SHA256

77f2649315b6105d946b08f4b4427d0c878ad8de28271d35084774ff99c44a04
SHA512

0e3371dd8c6f0c1c5204229feb31288cf989d1ea6c17620174c3fbfaefd96edf318964c41d2ec1dd670a8d56781af2418389013891417b2bdfba414ef874dc9b
SSDEEP

3072:8Z3kDzZeRaRFXpwb8TV/Hv4h3IHd0xphLQ2vUitSDbcTM4Iq2Dskiyil9t3G1t:W3kpesi8T9Md38FiYZwGh1t

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30
PID 2416 wrote to memory of 2588	2416	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a36f2f50cdb5156b02522f871f93210_JaffaCakes118.dll,#1
  2⤵
  PID:2588