203d59f1592e96dc555f6d6cd456edb191667cb9d20ef8b34bf9bf80fbca1170

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 20:41

Target

42fc5fb2ba61327f53276f3ac58584f7_JaffaCakes118.dll
Size

2.0MB
MD5

42fc5fb2ba61327f53276f3ac58584f7
SHA1

96ef6afa4282096c9d99dbffa3f4d19bc42dc98d
SHA256

203d59f1592e96dc555f6d6cd456edb191667cb9d20ef8b34bf9bf80fbca1170
SHA512

2910e1bd8d889243a2cb4b36084f39c719498faf0308d6148bf1e85c2a4f4e91cc00aa75a10a7eadcbdb7d3752b7a9085746b5f49982a9869af009935abd8cd4
SSDEEP

49152:86VbUnVXkMTR66PWrRIPb3v7kUC+VvTiYQzJluUy:onVP1krRIzvjCa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28
PID 2896 wrote to memory of 2072	2896	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42fc5fb2ba61327f53276f3ac58584f7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42fc5fb2ba61327f53276f3ac58584f7_JaffaCakes118.dll,#1
  2⤵
  PID:2072