2057816c4170fa3cef69ba4751fdfa5b28f0deb2604e7aea4598576c5a23c454

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-05-2024 10:19

Target

297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll
Size

1.1MB
MD5

297f3beb9c3b749637a4d519029e196f
SHA1

b8bdc52e9bf3efb86ceae2e055705b759d07a988
SHA256

2057816c4170fa3cef69ba4751fdfa5b28f0deb2604e7aea4598576c5a23c454
SHA512

5f3d70825ce4c69e27f6c469795e3886389c5775e176eb8b40e5219487e5a9841b81c8c2b0f7a0aa08c67313f01ad7e3d0533c95018b7a1a682c2ac110c98bba
SSDEEP

24576:eUxnFN+kYwA7HZvzpTetpJssJTe0EAey8KXLJfjiR2INK3S:Dn5YwK9tOJ99KyBjitV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 2240	2112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\297f3beb9c3b749637a4d519029e196f_JaffaCakes118.dll,#1
2⤵
PID:2240