8f7760e23f95888a0c2258d1d046830ea6ce6adc076d106a4bda680f189ee53f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 15:31

Target

63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll
Size

34KB
MD5

63bf67eb96e29102e5ca3c7e8195f614
SHA1

d1debf02a0cd556e03861befd33f8592c0e4e066
SHA256

8f7760e23f95888a0c2258d1d046830ea6ce6adc076d106a4bda680f189ee53f
SHA512

d784ded06695823bad2921cf1c20bfffd62c277f38d97416f417dd7ddc8dcfa8903f17c51d6166dd44fdd5d756724953908e2601964ed85e035fdd3ab63a7f5f
SSDEEP

768:nQmMc71Y7nda7FHTk12m3/W738HYKoOqhnPLRB1y9:QmMc7AWa12me738HypTRHy9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30
PID 2908 wrote to memory of 3068	2908	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll,#1
  2⤵
  PID:3068