0e14936eddf5e9f42517423119eeed2efc8fc624685726e591f803872bfd7fe8

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 07:13

Target

f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll
Size

845KB
MD5

f2f7eb55c84100d57a6cdfa1bdab3a83
SHA1

abcdf1cfbaac95334e4047bc91adfc4831c8edaf
SHA256

0e14936eddf5e9f42517423119eeed2efc8fc624685726e591f803872bfd7fe8
SHA512

5d5000663be7b05fe83f909552f965fe197a08a6dfb7763f511a09eac94813db9484c1b1ea17e69371439929c1c215be849d188f7a11fefa8b0a69a5c1930723
SSDEEP

24576:XNmaEpDRpG7G7ND08mR1QEiHG/d76txV/b:XbEdzfkR1QEiWdOtxVT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28
PID 2204 wrote to memory of 2160	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f7eb55c84100d57a6cdfa1bdab3a83_JaffaCakes118.dll,#1
  2⤵
  PID:2160