31f5ed2b92ca3089369502713b12c608137c3bd5fa9ee7d15a5295dc43963b64

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 18:29

Target

9730243830f7abb7624ea745994b2480_JaffaCakes118.dll
Size

1.4MB
MD5

9730243830f7abb7624ea745994b2480
SHA1

c2f205c29e22d8fd7a5f10eb78596c8cbbec9cf8
SHA256

31f5ed2b92ca3089369502713b12c608137c3bd5fa9ee7d15a5295dc43963b64
SHA512

898cd5e662a448e30cd0fa22a00e54564d6f949d24b8b6a14a931fa981c9df57794132aff3b9bb638f49d3e5f05e55602479da58a8ef857fd66bcaba413e01ad
SSDEEP

24576:0+q77bsphPQil6bRge5ey5aFTmboyRSpg6vMwie+iXh+8yc:0+qzsphPQK6bX5N5aAwpwkBy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2252	1984	rundll32.exe	31
PID 1984 wrote to memory of 2252	1984	rundll32.exe	31
PID 1984 wrote to memory of 2252	1984	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9730243830f7abb7624ea745994b2480_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1984 -s 52
  2⤵
  PID:2252