dce2b6e47dcdda7b73992002b2bd9ccdae5873c3040c4148985c51991cc27d59

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 01:54

Target

e8f209902cf0067bdf3bb1359150ffd4_JaffaCakes118.dll
Size

19KB
MD5

e8f209902cf0067bdf3bb1359150ffd4
SHA1

1f1d18c31004fec8b7534d196f6835aa94a2d8c6
SHA256

dce2b6e47dcdda7b73992002b2bd9ccdae5873c3040c4148985c51991cc27d59
SHA512

8a908f77d8e8a78df0ec7e0e824d9a1ba85aba170438c3a514318a21b2882f72bc6dd7a290c659aa8aa33696a982666ea4a99ee6ca818248e02905c30cc6de23
SSDEEP

384:VsIS6rfVgB8Dvhn/B9aBzZcwF31ok/+gZjAAjkFMfXzRgLlv4ut:wB8Dhn/B0ZxFCgP4FMfXKdt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28
PID 1704 wrote to memory of 1468	1704	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8f209902cf0067bdf3bb1359150ffd4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8f209902cf0067bdf3bb1359150ffd4_JaffaCakes118.dll,#1
  2⤵
  PID:1468