903fc511988e32b4156c90cffccecc1f1e21eb1c576d2592cf30cd704185923b

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 17:07

Target

ea7c3f41ea220d9fb4afb290d9449685_JaffaCakes118.dll
Size

73KB
MD5

ea7c3f41ea220d9fb4afb290d9449685
SHA1

e2b1cd72022efa9b827a0649564c2086cd8a8937
SHA256

903fc511988e32b4156c90cffccecc1f1e21eb1c576d2592cf30cd704185923b
SHA512

c647a1d1dcf9f82fb713d74c54f17df5ed7a0d26e62a713c58933a7165ce2e1a20339e74967556ed7441dba3b2ebfa89cb9b5a08f10f17c97804b32e29ea5282
SSDEEP

1536:jyXDOMOs93BPgnzy059G6kgh3nH2ZHFSR+isKTL3oQ6I:mXSFu6nzS83YlSbwQN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28
PID 2184 wrote to memory of 1700	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea7c3f41ea220d9fb4afb290d9449685_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea7c3f41ea220d9fb4afb290d9449685_JaffaCakes118.dll,#1
  2⤵
  PID:1700