24eb35fa5017de7ff813390d907046a8dbb52bdbcc5687ea8d2de77ae1bd35ab

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 04:43

Target

02e4f979ee7e46fad3e6f2e7c4166450_JaffaCakes118.dll
Size

33KB
MD5

02e4f979ee7e46fad3e6f2e7c4166450
SHA1

4d74aba8fc5933448f3358c4d4d6011998c89c70
SHA256

24eb35fa5017de7ff813390d907046a8dbb52bdbcc5687ea8d2de77ae1bd35ab
SHA512

1a45f5b301513e98ba909b9d6ac9e2b8c9dac1d0b8d1c9de5f681b869f2a298fa2862339aabd638a92741ec85617e758b59aff2efe0b67ce0b3d8dba2b37266c
SSDEEP

768:re4TH/zy0W5defiInLF5a/nAC+JLyrUUk/K:64fzyD5aiIZ5a/ACCCFF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28
PID 2540 wrote to memory of 1916	2540	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02e4f979ee7e46fad3e6f2e7c4166450_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02e4f979ee7e46fad3e6f2e7c4166450_JaffaCakes118.dll,#1
  2⤵
  PID:1916