f20d41dcaed4031a076389770f9e917686016ba70f81131dc330586e8e1e1a48

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-07-2024 19:01

Target

5a0a28641cd0c4483a8190d8327cdea9_JaffaCakes118.dll
Size

1.1MB
MD5

5a0a28641cd0c4483a8190d8327cdea9
SHA1

738c682353513fd69ecd337f05bc991e4cafe1a1
SHA256

f20d41dcaed4031a076389770f9e917686016ba70f81131dc330586e8e1e1a48
SHA512

e6fba47344281e43955b411f770cea842573da1465313db403a283ae24d3b9ebf0996a9a47d961f7126e29e675da95dd0020d336c13afb4d83d65751e830eb16
SSDEEP

12288:rCg1g4Gk+wq91vw4viqm5nUXhvYZ4CqkEl+I0rgZ33hfzszUndVCKqcvqTwV:rTgUik4viqOUXhgLqp+I0sZBbckfCI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2316	1644	rundll32.exe	30
PID 1644 wrote to memory of 2316	1644	rundll32.exe	30
PID 1644 wrote to memory of 2316	1644	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a0a28641cd0c4483a8190d8327cdea9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1644 -s 276
  2⤵
  PID:2316