5918346e12dc46ba641189482992b7f82274fc05029716fd04bbac37d0e464bd

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 22:42

Target

61b4a19cfda17fb4ee66d53b62283ab6_JaffaCakes118.dll
Size

101KB
MD5

61b4a19cfda17fb4ee66d53b62283ab6
SHA1

f8dff5c44b0436f1828930b2ccdc61eb524e969c
SHA256

5918346e12dc46ba641189482992b7f82274fc05029716fd04bbac37d0e464bd
SHA512

5a7656cd68bc4aba4f3e2ed2fe6c2de011eb71ff6f206f3f9a6e479beb75f08b4268a0abb84d52c490246b12e664b2393e15f22bcfc6f4e716cd8a39f20f05d3
SSDEEP

1536:47tCr4fRbd/yAJK1L8GoiqeBCJ4jPERbSQZgCIFm8ymk8D/fCXXUBH9F:4ZO4Rd/yv8GoZegvVSbymnDSnyHn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30
PID 2756 wrote to memory of 2584	2756	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61b4a19cfda17fb4ee66d53b62283ab6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61b4a19cfda17fb4ee66d53b62283ab6_JaffaCakes118.dll,#1
  2⤵
  PID:2584