052b2cfaafd3e657935077e43ddbf2fe84558ddf3143ffbe0b8c028548b232f7

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 23:48

Target

0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll
Size

1.0MB
MD5

0ce57e90c615bd156c5b9a9059583ff9
SHA1

04d000ab4966dad8c132496032075a74dbda73af
SHA256

052b2cfaafd3e657935077e43ddbf2fe84558ddf3143ffbe0b8c028548b232f7
SHA512

9b2c8bba908be7476c6187aa773195d46c42fd55bce8ef89581230f847e787c89813165035e906148b33148683dbf465c0d0f1ff2519163c1992ffe5c6003f22
SSDEEP

24576:ECChy5r/9A9+tYO0AqNzg89etxmL8Guyxe:LP/9Abzg89RL8Byxe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe
PID 2868 wrote to memory of 2972	2868	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ce57e90c615bd156c5b9a9059583ff9_JaffaCakes118.dll,#1
2⤵
PID:2972