a877f294d3d2bad81974d43ff2d647b700a37909eb04f5a9f02fcf7cb9531709

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 18:57

Target

2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll
Size

204KB
MD5

2944b8061882161ae4dc0ff46f0629cd
SHA1

0b4d7c41279cfb5f03d0fd4556a5697c3e0e1d63
SHA256

a877f294d3d2bad81974d43ff2d647b700a37909eb04f5a9f02fcf7cb9531709
SHA512

e6ea2ba38d15fc61b862e527f5d7426acf7e3c842bff47298d97258a25df73a0ae905a7b194f745944a6daa13fba386d28170d8bce1ab9b3c215a740bbbc7981
SSDEEP

3072:X2KfCxH7CWdU1dyDIwebgvX3xJO5bWzgMKdMI9ScclRQvm/0qHkcO5Vn6V4/8L4g:wGWnf3PWM9M8L45sq4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28
PID 1936 wrote to memory of 1040	1936	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2944b8061882161ae4dc0ff46f0629cd_JaffaCakes118.dll,#1
  2⤵
  PID:1040