156021c8cc72c13435ff01affcee1b5b648c5ea93007aa5663eec80a16dd8131

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 06:44

Target

JaffaCakes118_156021c8cc72c13435ff01affcee1b5b648c5ea93007aa5663eec80a16dd8131.dll
Size

40KB
MD5

57285626c40ca3ccf51cf28e15fcf914
SHA1

a9902ea223e5cdaf00f7d8472c77adfa4cbb0824
SHA256

156021c8cc72c13435ff01affcee1b5b648c5ea93007aa5663eec80a16dd8131
SHA512

bbe5169fafb4b6d999a911e765920412550c9aca5acb78cee7bb085fae4125f760f2b8fc4af1563e465bbc41f6c46bf02f70e95771f0db1624bcd0de9f582d56
SSDEEP

384:LnOKO6Y7MzPA8+5aAk617tBmgXvSYUGS3:SKVPzY3MjKtbEH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 3044	1672	rundll32.exe	28
PID 1672 wrote to memory of 3044	1672	rundll32.exe	28
PID 1672 wrote to memory of 3044	1672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_156021c8cc72c13435ff01affcee1b5b648c5ea93007aa5663eec80a16dd8131.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1672 -s 52
  2⤵
  PID:3044