5e318270edfa4d39706ac8d941aed438baa5073713bb5b8138a3171db350ad08

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 09:02

Target

5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll
Size

66KB
MD5

5b456a6a32296a3fa0c35f3c6d25d299
SHA1

a93452265381fabc8434a56e01586ae1f9737af4
SHA256

5e318270edfa4d39706ac8d941aed438baa5073713bb5b8138a3171db350ad08
SHA512

387bf1cfc6da22ff862d28d09c93a904c2616cc188a495b9fa28885b1a9c4aa5c2b6d6ee6c9e125f83beb581683bee47d433f6c14a50bd8bdb0b9d5c695be40b
SSDEEP

1536:evX4FfSGB5k6/6A98HE6FEa8CcVAgsoPOqD63gp:a4FfvB5kqTqHEWEhCqAgsomZwp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30
PID 1948 wrote to memory of 1872	1948	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b456a6a32296a3fa0c35f3c6d25d299_JaffaCakes118.dll,#1
  2⤵
  PID:1872