216ef4a1e6adfca2d18db03269537e535f00aa774c8f6da1f9b5fb958824532b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 11:44

Target

fcb1e878ea27c80a60544b9260121f8b_JaffaCakes118.dll
Size

179KB
MD5

fcb1e878ea27c80a60544b9260121f8b
SHA1

28910611b7d305d1f2aa29457bf6b021716aa13f
SHA256

216ef4a1e6adfca2d18db03269537e535f00aa774c8f6da1f9b5fb958824532b
SHA512

55d4524b5659620b74c4ed989b05c61bd11d7ae83661c66bb5f769696d7c777a58cc7fb07865478945f28fb87d66462ea52b515dccf7e2fcc91a3726ffbdebf9
SSDEEP

3072:B0cj6UPadteyynSC65zjOuhwx3QSX+QbECUckZyWv:B0c70tVvadbIZhv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28
PID 1544 wrote to memory of 2212	1544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcb1e878ea27c80a60544b9260121f8b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fcb1e878ea27c80a60544b9260121f8b_JaffaCakes118.dll,#1
  2⤵
  PID:2212