d63cb68b6a94d327013651b675462f2f8fb8218310f5d68194e89fb27ff7edeb

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 20:41

Target

JaffaCakes118_d63cb68b6a94d327013651b675462f2f8fb8218310f5d68194e89fb27ff7edeb.dll
Size

36KB
MD5

450816f462d4ce02d1881970aaa90373
SHA1

4502254b7b3c1661a06cd6a3949a060f3f700776
SHA256

d63cb68b6a94d327013651b675462f2f8fb8218310f5d68194e89fb27ff7edeb
SHA512

6fa498516acaeeedddf73b8110a4e6c9c74d87cfe3ed8ad7fb7600fac45080f97d752dbda741a1cdd68613719719e66da2fad894fd820ee58e0f6beaa8646769
SSDEEP

192:hHVMfa7TTCjJSixzPSAA56RCK7Yu/VPgw3XBAQYfPq/3Kbr:h1Mf0gJSix2AA56RCiZV9GQYnq/6b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2304	2512	rundll32.exe	31
PID 2512 wrote to memory of 2304	2512	rundll32.exe	31
PID 2512 wrote to memory of 2304	2512	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d63cb68b6a94d327013651b675462f2f8fb8218310f5d68194e89fb27ff7edeb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2512 -s 52
  2⤵
  PID:2304