1497c06f52984a76a1f3ca23ba0b3739abbba3ef5443d5d1855a3c3f37881127

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 16:38

Target

2ae50da8e5a890db1a49d73e693267f9_JaffaCakes118.dll
Size

504KB
MD5

2ae50da8e5a890db1a49d73e693267f9
SHA1

44f463466ffa40f1337fabf5b7a0ea7a1be26ff7
SHA256

1497c06f52984a76a1f3ca23ba0b3739abbba3ef5443d5d1855a3c3f37881127
SHA512

e4a894b38a7a67440704845f7d3125b62100099723692aa26cb0c2e0556c868254f761d54a94083881dce6f1941c851f29341a98feb5ae908ed97919b2a7fae4
SSDEEP

12288:xKmeo7uDP5DAsVk2Q8bm2FyzN+SSdojGtRONS:xODjVCz9Pg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28
PID 1936 wrote to memory of 1944	1936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ae50da8e5a890db1a49d73e693267f9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ae50da8e5a890db1a49d73e693267f9_JaffaCakes118.dll,#1
  2⤵
  PID:1944