03b0b5325fc8447eb7b3760e37cfead926dfee087ecb2741bb070b16ccc231e9

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 15:20

Target

63b5ddca4674f3a53f741e4b2a91e975_JaffaCakes118.dll
Size

7KB
MD5

63b5ddca4674f3a53f741e4b2a91e975
SHA1

9498d3e37ed6bfe4275feae82a394e45eb09f208
SHA256

03b0b5325fc8447eb7b3760e37cfead926dfee087ecb2741bb070b16ccc231e9
SHA512

c0612880a162f4e1a4d860f06bb7047c7f6da3a04cba228c18a03c8a5e7deba497a2a934e10b4045b509a48238060b6570e2ef7ba848985d40cc794ad44218a8
SSDEEP

96:+9RXVtx6VRBXEg/oNFz9/fKY+HMPFZdfH4+OqaavZEWFf93CGCRWw9vH:KZZkRFB/oDtfXfH4rqaav6Wt93CzRWUv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30
PID 1980 wrote to memory of 2688	1980	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63b5ddca4674f3a53f741e4b2a91e975_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63b5ddca4674f3a53f741e4b2a91e975_JaffaCakes118.dll,#1
  2⤵
  PID:2688