5a507aba07b487ea01cdf51b06ed437b7e9bbcb3e2ec6b25066ac3ca6868e6c5

Analysis

max time kernel
13s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 08:35

Target

66da02ab805cadb9a462b7e3cf508d8c_JaffaCakes118.dll
Size

75KB
MD5

66da02ab805cadb9a462b7e3cf508d8c
SHA1

617c22330e851910fdb78b165fb1e0568f5bc01c
SHA256

5a507aba07b487ea01cdf51b06ed437b7e9bbcb3e2ec6b25066ac3ca6868e6c5
SHA512

d305db5e74d361e380cebb05d43341b97c4cc307a096b4566dca36f563021f5de4ab9de3bbe4196dd5bbf46c72dc63e2fb3bd81f5603bff28c6b3a89dc867d14
SSDEEP

1536:bDp4oAXluVmEOr8/vid3wnSnxVhXiuKfzBvhxZvFjLcX3:PpfAXkBOWOCSVdiH/xZ5LW3

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29
PID 2476 wrote to memory of 2152	2476	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66da02ab805cadb9a462b7e3cf508d8c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66da02ab805cadb9a462b7e3cf508d8c_JaffaCakes118.dll,#1
  2⤵
  PID:2152