482ce8488265b9a10eee54f4824cea78f5c10a1fd4f691a65253e00154652d03

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 23:51

Target

2e45979839954cf708add5070bb5dad4_JaffaCakes118.dll
Size

32KB
MD5

2e45979839954cf708add5070bb5dad4
SHA1

d3eca87a64c7f3ce6da1c6fb978e14c7d0699f75
SHA256

482ce8488265b9a10eee54f4824cea78f5c10a1fd4f691a65253e00154652d03
SHA512

f162b07c32a64048836e39d974d09cb647dbb7b4545e70b3c9f12922fac147634c0948ea8916b6ea3e9e2f86dbcb042e55eb80694b50ce35a569c551c46aea18
SSDEEP

768:gIh6p/HSZlfvKppbJ17vyfrxOVOGKLRqMjGf:F6pNppj7afryERqMjGf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31
PID 2704 wrote to memory of 2752	2704	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e45979839954cf708add5070bb5dad4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e45979839954cf708add5070bb5dad4_JaffaCakes118.dll,#1
  2⤵
  PID:2752