ced5f3787b7f52972d493d1c71048f349888433f7f680ce147077cd71639d6c0

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 11:54

Target

2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll
Size

23KB
MD5

2c3f141d48ff7e930a60ea2564001d11
SHA1

be18e088bcc2c5764a6e4190a6bc8a8dacd82759
SHA256

ced5f3787b7f52972d493d1c71048f349888433f7f680ce147077cd71639d6c0
SHA512

cb335687545e444c44e53ba3a83b26fd411c549d0786fc3b37223d1e3b0a240d287261017af9bff765da0504bfd7598a206c44d5f1c21747c619236b1d5772ec
SSDEEP

384:l5cQp6Z8D2bZhp+1sMBGVrc+wLiVKfggk7KfH082MhqEGKwFIUm72:LkuqkHBGRcnLSdgk7M0grwFDk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30
PID 2432 wrote to memory of 2192	2432	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll,#1
  2⤵
  PID:2192