0f22e5af9e1146e40171960269c85b5b1d9b16c835aa36be547bb474e1a86e2f

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 09:14

Target

2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll
Size

501KB
MD5

2945ebe3fddde4fb7d4736b6f13159b5
SHA1

0aae10836d6863cd360db735098bce11de7909e1
SHA256

0f22e5af9e1146e40171960269c85b5b1d9b16c835aa36be547bb474e1a86e2f
SHA512

02592f71b68912f1fac6bce386b59509276763f10066a9eb65d1acdd8b7f46be274976540179ceac73151d544f9cf16a5ce93333fb87ed196098e6f3c5e2db32
SSDEEP

12288:NUgXWjuyTG6bs21Hb7sWrQfnGoDdqUuw/uBETaB6UbAbT8:BWjuyTG6Y4H0EQfnGoDdqUuw/uKTk6Um

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28
PID 1864 wrote to memory of 2416	1864	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2945ebe3fddde4fb7d4736b6f13159b5_JaffaCakes118.dll,#1
  2⤵
  PID:2416