ca87c441800c98e4b4b52f3c913ecb0dc1aee1f46444783e87b4626988a9c452

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 15:10

Target

5c7a318fd1157133a9ac18cef78c1e48_JaffaCakes118.dll
Size

44KB
MD5

5c7a318fd1157133a9ac18cef78c1e48
SHA1

cd13424c0fdb16066edbbfbd4d633cab04052e0e
SHA256

ca87c441800c98e4b4b52f3c913ecb0dc1aee1f46444783e87b4626988a9c452
SHA512

475989a8800dfc76c09c1dd6a17d8dac1666c420b38244949c14cc78e43fe560ee702806fe6276b882287f254b667b7d04c9b8bf26bd1581c7b60c29bdd15f5c
SSDEEP

384:1MlZbEfEO5WKwc3DFYXlamG2q0PbaR0CzecGudhdkOTWCG:1MzE7W9c387zeLTG4hBl

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30
PID 2372 wrote to memory of 2672	2372	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c7a318fd1157133a9ac18cef78c1e48_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c7a318fd1157133a9ac18cef78c1e48_JaffaCakes118.dll,#1
  2⤵
  PID:2672