6576d6d8e0527cdd2b5971a53ed1727f931b5585744f02f203954a0fdfd3a185

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 06:52

Target

279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118.dll
Size

248KB
MD5

279f4702de28ca6615d92d98a7b59cd5
SHA1

fc5f9f504ffd8ffc0866a49b512293241c1efa96
SHA256

6576d6d8e0527cdd2b5971a53ed1727f931b5585744f02f203954a0fdfd3a185
SHA512

887f48221fd1e7d07024e6a7629dd3b8c17840bc719ae5d0e52f553969b66fa029202a0473f230a190e08c61271a294dd527d4e324dfb1b21a97fbaee8cfc4b4
SSDEEP

768:JljRgsh14J5lqVSWO4QpdpX7ybpoBoVffmDAbmBBQARQkEmMXvP1:zjRgshCA5mDAbmBBQARUmM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30
PID 2772 wrote to memory of 2832	2772	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118.dll,#1
  2⤵
  PID:2832