2d18728c844f838236422ae4a494cee2a4935558980ba015e7bce5d0e60543ac

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 11:08

Target

2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll
Size

72KB
MD5

2c18a324aeced6427791f27fb34db921
SHA1

6e8b9d3f5edfd531d898388d36cd52b1fc44a1dc
SHA256

2d18728c844f838236422ae4a494cee2a4935558980ba015e7bce5d0e60543ac
SHA512

ae13b80df50c982c2e2c296f01733f7206a360d7ac11c2dcfbca628b535a0595e38d09961f8a2ab9193670a9bad90896c3928da1c7061285165d2479410184b2
SSDEEP

1536:WmVX3h8CzZ5eE9qHfxGsPTupNY3qWZT6+GEZ18bYkgjxo8H4rMFM:/n3zZ59aZZTt5jxo8YrMG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30
PID 2644 wrote to memory of 824	2644	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll,#1
  2⤵
  PID:824