b2c364d19e09bea62ba3df3d20cfc6f48bea795851ec6ba9ec8a230fa274f751

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 14:14

Target

5c49aed605fed20e3f3e52475960f5db_JaffaCakes118.dll
Size

296KB
MD5

5c49aed605fed20e3f3e52475960f5db
SHA1

1faec24983e4058e70982a1a0fd0963e1bf278d0
SHA256

b2c364d19e09bea62ba3df3d20cfc6f48bea795851ec6ba9ec8a230fa274f751
SHA512

ab1e79ce76cd36aeb849ffa7afe321552e2ba20f913251ad44e305f90ce2d82fba37327400ace2097c2230b7d2c581cc2f1a4fa7bc50086f8b47d8d2b584cbe1
SSDEEP

6144:wlRc77+muzSa8ZkA9GopDyniu403dIhycW9:wly77vuzSfNGoYn7X

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30
PID 1624 wrote to memory of 1496	1624	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c49aed605fed20e3f3e52475960f5db_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c49aed605fed20e3f3e52475960f5db_JaffaCakes118.dll,#1
  2⤵
  PID:1496