7a6c877b03f9cdceb64c47067f5eb09d31ad4393f22256a8c69d602a9e11b31a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
11-04-2024 10:40

Target

ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll
Size

94KB
MD5

ed3b65b173f12527d874cc1e2f8e6b19
SHA1

6e03c75ff58717deadfd0b875af98e5637738972
SHA256

7a6c877b03f9cdceb64c47067f5eb09d31ad4393f22256a8c69d602a9e11b31a
SHA512

c04fcce2beb37a7627c041001d88a0445a8c782b383e5af5ff147feafc0d3c68dd631a97d897ac0862c0d09239961df157b277b6b1d26c650f32ba238c2b7535
SSDEEP

1536:7/RIGXRSo70vVqCH56LNVF/lGuDXjieH6gQaSmrgcCfQsexjdLVkKq1wkumsxk:7R7ookohDX8gQaSmrglQsexjdLVs1wkx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28
PID 2372 wrote to memory of 2684	2372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll,#1
  2⤵
  PID:2684