81e05c965d4141756e6477fb105ced1af0c57207f683576a4f8f87b939cf92ef

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 22:10

Target

f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll
Size

73KB
MD5

f470a810b7391146a65391d9390c0b3e
SHA1

6fbbbbfb8d19204df46cb7b45a797c04c137754b
SHA256

81e05c965d4141756e6477fb105ced1af0c57207f683576a4f8f87b939cf92ef
SHA512

1168266b29e78defbe8a257fa034d2689ef51bf85b340bffb4a21fed267cd94efd43dab519db9be1774567e748f98f67cf722561894e715619994325ea4443a9
SSDEEP

1536:Sjjl3nwzSuOqBubw/WgT6zMKAOK2lCWcQajhRuP:C5UOq0ukgOK2l7aFQP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28
PID 1740 wrote to memory of 2216	1740	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f470a810b7391146a65391d9390c0b3e_JaffaCakes118.dll,#1
  2⤵
  PID:2216