e05cd7b098b11c67099da798d743fd088aeb80ecced5870cb1ebeb3407ff596e

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 10:38

Target

ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll
Size

17KB
MD5

ff16eba60a939dccb2d8a8e82e242a82
SHA1

78d8d857b3f311b62b1a8ca19c991ac99f56f0b5
SHA256

e05cd7b098b11c67099da798d743fd088aeb80ecced5870cb1ebeb3407ff596e
SHA512

f54123eac948143c043d980bb4941aa375d1858edc364da9a640bd4285902ab094daba672ec18967f816f8af5a4d5381277fa7f49da971a595740d118b6038ea
SSDEEP

192:OXtTZ/GhTL/3/ivu1PDAwb2r8zOfQBwX8+7WCfwrcW9+tW3C8u:sEv/vrFbxK4BI8+7RIgWgtWP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28
PID 1700 wrote to memory of 1704	1700	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff16eba60a939dccb2d8a8e82e242a82_JaffaCakes118.dll,#1
  2⤵
  PID:1704