314753896ff6c50a98cff3817c9f71f6457b120c10e535fb66bc36f6a8f102c6

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 12:47

Target

2c673186d443250e5d4c27d31ef8c1bd_JaffaCakes118.dll
Size

280KB
MD5

2c673186d443250e5d4c27d31ef8c1bd
SHA1

37b33dd5954b02231dd38e9b23d97dc9e994bc9e
SHA256

314753896ff6c50a98cff3817c9f71f6457b120c10e535fb66bc36f6a8f102c6
SHA512

4422ca03d338f67d96e89a0eaed861dfd2e3c410e6fe96fc97633fe6f9dc342bd5497b86ed41b020b4da117f10e722ff48be66f465abd10949bddf1a247bb2b8
SSDEEP

6144:IQjTHgAXavCACT1JBNBAcYZkXznss27Ing93JWI0:fYZkjnss27IngY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30
PID 2532 wrote to memory of 1696	2532	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c673186d443250e5d4c27d31ef8c1bd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c673186d443250e5d4c27d31ef8c1bd_JaffaCakes118.dll,#1
  2⤵
  PID:1696