2176c0b8e898d8e85f46547e73a8c80aea414afc266d2420270c3d48467b832d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 18:32

Target

87ef02a475b93551c50731f2d8d10156_JaffaCakes118.dll
Size

503KB
MD5

87ef02a475b93551c50731f2d8d10156
SHA1

e4a0f766d949bf57badc1ee07586b284585bceaf
SHA256

2176c0b8e898d8e85f46547e73a8c80aea414afc266d2420270c3d48467b832d
SHA512

44cfeb4cb9890a030ee8a66fd3dea8d0900a910b28b027ad81493e0513dc2f21f8261a767efaf549833a2981d35e3e84dfe1cd7ffc1262e96b87464157274577
SSDEEP

12288:wBjZqL9hDvCnWmKGu14RHuqYq3wg/VurtRVNy:w6CWm37RCY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28
PID 3008 wrote to memory of 2092	3008	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87ef02a475b93551c50731f2d8d10156_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87ef02a475b93551c50731f2d8d10156_JaffaCakes118.dll,#1
  2⤵
  PID:2092