47b7e735173705ef0aa4208f6b2e273201ddc8814edfbd9b63a1153682d3e34f

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 08:56

Target

66ea0af484a3fd66427cb9b8608e5828_JaffaCakes118.dll
Size

40KB
MD5

66ea0af484a3fd66427cb9b8608e5828
SHA1

3e559c987aaafbce70dc525a4d6ff21194fa43cb
SHA256

47b7e735173705ef0aa4208f6b2e273201ddc8814edfbd9b63a1153682d3e34f
SHA512

f2431a84e317d010a28d89336effc84beac8c9d17245a21b51f94726d25793b924bfcbf175c2bc220c7098357a675796ea67683aa91ae4ba48ddec666dd609c8
SSDEEP

384:ZjzeDZ/5Nv+ppw04i1sZvN1Av0Qm0hCalDtW/Wi5Y:ZneDZ/7+Q0DY1Avm0h8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30
PID 620 wrote to memory of 1064	620	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66ea0af484a3fd66427cb9b8608e5828_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66ea0af484a3fd66427cb9b8608e5828_JaffaCakes118.dll,#1
  2⤵
  PID:1064