553c8ad5b99c5047292211615eb545c99a07e7629075eeb41caafce0dbed7c2d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 01:40

Target

fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118.dll
Size

92KB
MD5

fe2289a43c9e8c58dd57c1887f025bc2
SHA1

d69f1a2f77a8f18ea1b56583a39446682a21cc16
SHA256

553c8ad5b99c5047292211615eb545c99a07e7629075eeb41caafce0dbed7c2d
SHA512

01cbb8de72db29b71d154e07c2ca7f77c8960c9504eac4688d0b1ad2eb03ad1243c2b2b98af3805b6dd2e2c14155abae975a0d0cefa1d1b14e0f7136d3aaf635
SSDEEP

1536:WWYnUICHiZGI6S0PxjbGZaDXuwL5n/NzJirLjm+4QtHr5Vh0M8l3lbQF8NDJmnOK:WWh5S0Pxjb/h5a+QtHr5Vh0MQIi9mnOK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28
PID 1912 wrote to memory of 2196	1912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2289a43c9e8c58dd57c1887f025bc2_JaffaCakes118.dll,#1
  2⤵
  PID:2196