0cbfc8e200605126b802cc50005cf9f46310ba69e5e19c8d7e6324a91446f07e

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 18:15

Target

816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll
Size

284KB
MD5

816e573ee9272eb771cdfff05ecbad55
SHA1

c6a2df47312fc141019bf6e27c96e71701b8edc3
SHA256

0cbfc8e200605126b802cc50005cf9f46310ba69e5e19c8d7e6324a91446f07e
SHA512

33e5ed976b1429108497dc6137b45d96ce4410213e8395b91e51dee7ca401e29cdc8bb2aaf7742770589825022d8bfe17c79df8b67a6b01f4777c39c64a9097c
SSDEEP

6144:OwSDVSGloBLJjp7iEFfjeuHSxgjRxuShjFfUR3PrBtyx:sxlowKfiNxgjRICx03PrB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28
PID 1964 wrote to memory of 2512	1964	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll,#1
  2⤵
  PID:2512