11945ff02e84d7244bfd021a511037b3fc2b22e0cbddd9c63aa074308812d85d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 10:38

Target

2eb4d8cda864786761c6983bb608ab38_JaffaCakes118.dll
Size

212KB
MD5

2eb4d8cda864786761c6983bb608ab38
SHA1

b17acbada03fbb0a84e4d8098e41fd16ca8dcf03
SHA256

11945ff02e84d7244bfd021a511037b3fc2b22e0cbddd9c63aa074308812d85d
SHA512

b06cc9e1ba2d265845b202fe2dab380208cdfc5cdae04f7f28d29150bed30c79422058f8a33d632a2a6f3e1713db0d322706da3ae593b43ed42523c1c5eba232
SSDEEP

6144:gljjGSNj4hU7oY8J3l6d0nU3JAEwVwUrTUnFXK:gljjGSNEW7o0zZAE2rYn8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28
PID 1852 wrote to memory of 2072	1852	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb4d8cda864786761c6983bb608ab38_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2eb4d8cda864786761c6983bb608ab38_JaffaCakes118.dll,#1
  2⤵
  PID:2072