943660f987a52f91e2f828a4299651d71aee468ae79c90752adfb45ca97052c0

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 10:56

Target

5ba3bee190e872f46ea6e8965e17f2d6_JaffaCakes118.dll
Size

62KB
MD5

5ba3bee190e872f46ea6e8965e17f2d6
SHA1

04a2c1227f39c49b0c83b0c4edf5e4046e83127d
SHA256

943660f987a52f91e2f828a4299651d71aee468ae79c90752adfb45ca97052c0
SHA512

0830199df02fc1959d512a243ff253d9e9ce8c22a82f1366ce554a109500b950da0df211534d9e61f242a524f3aa6deb4c24104f083c6a5a3a51b3cf77f371d0
SSDEEP

768:yuUr3ip/IHI7NQTvlgZj/U/nvNNrVIxYqgKmKCvslWFiAcU2H4tTc38WVJRNLREs:yl3E0TtgZLU/1NaY+TRMa3vRg2YW1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28
PID 1056 wrote to memory of 1256	1056	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba3bee190e872f46ea6e8965e17f2d6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba3bee190e872f46ea6e8965e17f2d6_JaffaCakes118.dll,#1
  2⤵
  PID:1256