24780d291d5034e24e94da55668a7aa0b332d1c1b06944634cf07b403d1b8980

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 12:52

Target

4b29df2dffa3c350dc7ecd3afa1164d9_JaffaCakes118.dll
Size

1.1MB
MD5

4b29df2dffa3c350dc7ecd3afa1164d9
SHA1

7b9fbdf1ebb1d561d433a9199cf38264df3693ce
SHA256

24780d291d5034e24e94da55668a7aa0b332d1c1b06944634cf07b403d1b8980
SHA512

b5aebde16c97140dbee24e5a4c7820c460037a4892d259845b4ebac5460dcf797bccfd5f23dbc0fb3a72941ced3ab2ee05ddc0b907589abcc3c60ee915256245
SSDEEP

24576:aIZ99QoYfrZzRokTtgqtkjuJD9Mmzuth1IyXfiHCtaqG5lm:t9ZY99okTjtkjnPth3XDtau

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 1660	2232	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b29df2dffa3c350dc7ecd3afa1164d9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b29df2dffa3c350dc7ecd3afa1164d9_JaffaCakes118.dll,#1
  2⤵
  PID:1660