8f2a8b779eadb9cb15a0260e0c38946bcee3da4f620e1ba16038fadb5db93475

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 15:33

Target

5c8caa6a282607572d956fd12c0b7759_JaffaCakes118.dll
Size

136KB
MD5

5c8caa6a282607572d956fd12c0b7759
SHA1

04f418da60193260afe23e87208ece3a87d059db
SHA256

8f2a8b779eadb9cb15a0260e0c38946bcee3da4f620e1ba16038fadb5db93475
SHA512

4c3cd2fc888a6979a2be861d479245fceb6bb7d5bb4959474b3e81914e450ad31cadb20ed75b6ebe2287d793de0b944d713b10bfcb175909a8c932516c42a2cb
SSDEEP

3072:0Xhwt++m8oCpsfTNI0bmY4/RNt+K5WoXeIp:4j8JsfTpH45NtH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30
PID 2036 wrote to memory of 2084	2036	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c8caa6a282607572d956fd12c0b7759_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c8caa6a282607572d956fd12c0b7759_JaffaCakes118.dll,#1
  2⤵
  PID:2084