38f585431e56f0a4f8b76ed2b99f46c598eba7a587edcf77096c6f44297ef162

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 07:35

Target

66ae66e452e8adef9fe28536a592d120_JaffaCakes118.dll
Size

33KB
MD5

66ae66e452e8adef9fe28536a592d120
SHA1

d463ec23915ccdef5079fc65924b15f7c85cc7d5
SHA256

38f585431e56f0a4f8b76ed2b99f46c598eba7a587edcf77096c6f44297ef162
SHA512

0e6b7b6ba2b92e2a3692d74269639c09488b401e7f97d92ab5101e82ae878bbb10231d3f9b22635c77821e4fc4eea1494735d7ef59363d89f66ccf3b881b4638
SSDEEP

768:if/fosuj44q2F3FLBa7H7Qt7kZYnhYDLRKkS4:4nozB4bY7kZ0+vRKk1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29
PID 1656 wrote to memory of 1272	1656	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66ae66e452e8adef9fe28536a592d120_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66ae66e452e8adef9fe28536a592d120_JaffaCakes118.dll,#1
  2⤵
  PID:1272