26c327aa94952bcb1153c4ceb33e6dfc0b5e9f20c858549251317fa7e9aaa129

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 20:19

Target

61410f495ead5c4a58bec825039fdb84_JaffaCakes118.dll
Size

122KB
MD5

61410f495ead5c4a58bec825039fdb84
SHA1

db654bc9a25f9a697d824f19f2792b790dc8b38d
SHA256

26c327aa94952bcb1153c4ceb33e6dfc0b5e9f20c858549251317fa7e9aaa129
SHA512

a520d4b7e3469587886a6d2591fc1e13db9bef565e9c336ace6b8596ef50587e5ee2a843e4bae8b90be8a476fa41c9157f8ae28ed8d8ced0ab30c2ab1275a739
SSDEEP

1536:AZwFVIqtQbFWSjOgz0Je+Y3biV2GMpT0elwjGfgoy:ONqtQbbRzWkiVts0eAGLy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30
PID 2568 wrote to memory of 1128	2568	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61410f495ead5c4a58bec825039fdb84_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61410f495ead5c4a58bec825039fdb84_JaffaCakes118.dll,#1
  2⤵
  PID:1128