31ef01f58b85c1eaaed3263e0c6b6de4353406a6bb175519f7d1efc0ddb5a1e2

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 22:45

Target

651841449a3e58334caf5afd88dbb15d_JaffaCakes118.dll
Size

470KB
MD5

651841449a3e58334caf5afd88dbb15d
SHA1

9a8bdce7b0130c63e48c581b9b13cda7a1a170ed
SHA256

31ef01f58b85c1eaaed3263e0c6b6de4353406a6bb175519f7d1efc0ddb5a1e2
SHA512

681920ede0d8afd554a7077b9c4b50d63c975aca460ae0dc0f4a5236d1d24bf7b9bca1254372354f87c8c4165b468d3f5853c21c143635e90bf8d7a1afeb0c57
SSDEEP

12288:p1WEUc0wRDAdki31tZzw5CiHUWafhsXTo86XwE:PlUTiAa0mwhfhsXTV6Xw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29
PID 2364 wrote to memory of 2560	2364	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\651841449a3e58334caf5afd88dbb15d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\651841449a3e58334caf5afd88dbb15d_JaffaCakes118.dll,#1
  2⤵
  PID:2560