e9762a10ed85605589975a24813ceed6a4f879462ff94ee332fd4d40b9c16db8

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 09:52 UTC

Target

4a7eebc0feafb42e057c0d703466ee1b_JaffaCakes118.dll
Size

910KB
MD5

4a7eebc0feafb42e057c0d703466ee1b
SHA1

e6c020f1fc8629e00b2782cbff33b191acd7b6b6
SHA256

e9762a10ed85605589975a24813ceed6a4f879462ff94ee332fd4d40b9c16db8
SHA512

c98b8773da025cf406a2a1f3dc9093daf89179eedd846a55454b2da0627272d63b3cc4fed1e315c215351c76fa1acc1ad1f4ee8e205c37dd8414ff20a9f04dc2
SSDEEP

24576:R9SowoHX3ugvqaZmXO3wG8i4pyTc23Ye:TKo33FTw24pY3Ye

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28
PID 2200 wrote to memory of 1036	2200	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a7eebc0feafb42e057c0d703466ee1b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a7eebc0feafb42e057c0d703466ee1b_JaffaCakes118.dll,#1
  2⤵
  PID:1036