0600907f57cea3ae8a80809c6e5585c9347fd20298fc01ce847ca08a74bf1928

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 19:23

Target

8814710ec2e2e8dbadf15c4c6bde1f17_JaffaCakes118.dll
Size

1.6MB
MD5

8814710ec2e2e8dbadf15c4c6bde1f17
SHA1

00fafe50d2f0858debb0fcd22738f0feab9bfc56
SHA256

0600907f57cea3ae8a80809c6e5585c9347fd20298fc01ce847ca08a74bf1928
SHA512

e71626674ccd0fd982c6b1842ac5799a579df93deed46b1471547253ac5ecf9b798d2cb6b9f8bdbcb0301e261886605b9b0c1148431d37d09f879741e82a1dd4
SSDEEP

24576:rEQ6kY99wyu+pS0+M3tb0pvaep5ZouArllsQUfIKKuZAP29gODaQMF/u/KY3c:g9wyu/0J3tCieDC1/sQxKbNAQMF/uTc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28
PID 2344 wrote to memory of 2220	2344	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8814710ec2e2e8dbadf15c4c6bde1f17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8814710ec2e2e8dbadf15c4c6bde1f17_JaffaCakes118.dll,#1
  2⤵
  PID:2220