88870e7771e3071f41186f841b2084dfce179d7f44b711436e4cc804fd48e2fd

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 19:18

Target

ebcd1a6c0e046c2adaa2602986ef6dec_JaffaCakes118.dll
Size

6KB
MD5

ebcd1a6c0e046c2adaa2602986ef6dec
SHA1

9c17b573a792fab15ae8cccd3b545346b54392b1
SHA256

88870e7771e3071f41186f841b2084dfce179d7f44b711436e4cc804fd48e2fd
SHA512

e7acae1db8a52a7d92470b0d17db6ec1c86183b5b3415b22365f86f26a103828a21f9e09952d51c47c1ec143475e1da9b5aa088d246abfc4f27b4eb0c10e3a84
SSDEEP

48:6EQt5YVOSVVEPy+wEMmqiHNpU10cB+BDq9J5SV3DY:CSVVEPozmB7yB+FqX5S1D

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28
PID 1600 wrote to memory of 1920	1600	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebcd1a6c0e046c2adaa2602986ef6dec_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebcd1a6c0e046c2adaa2602986ef6dec_JaffaCakes118.dll,#1
  2⤵
  PID:1920