a6eca927229e7358185c5cbc87008df21c13a6cc3c8441134fd7e43cbcb6b5bd

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 22:31

Target

2e0f3a816eaf6bc83a3432a7ecfd4b55_JaffaCakes118.dll
Size

56KB
MD5

2e0f3a816eaf6bc83a3432a7ecfd4b55
SHA1

53557f65339685b8eb9b92051d64b029f0662964
SHA256

a6eca927229e7358185c5cbc87008df21c13a6cc3c8441134fd7e43cbcb6b5bd
SHA512

9ba43328c14ce9de81ac056f617d293026cac1d2896f927aa3e7a0bc42bf4b64c84acffb87468c1e608cd055cfb8feff52d68829f62ccb959402becd22774de8
SSDEEP

1536:PWvlQPw5VKzy7ncRdEbp6HquCyYWfjEPH:PWOaVKGYbEbp6Hq4EPH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31
PID 2020 wrote to memory of 2600	2020	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e0f3a816eaf6bc83a3432a7ecfd4b55_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e0f3a816eaf6bc83a3432a7ecfd4b55_JaffaCakes118.dll,#1
  2⤵
  PID:2600