bc0d288110890412c91d267fd9255e2f7b4eb645724d952abe38b7585ece5d87

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 13:57

Target

2c9ce787373c66a9aa6a5ee00d3ac33d_JaffaCakes118.dll
Size

32KB
MD5

2c9ce787373c66a9aa6a5ee00d3ac33d
SHA1

5c59bb58964bd2d8dcc9eadb1e2d6758678d59c2
SHA256

bc0d288110890412c91d267fd9255e2f7b4eb645724d952abe38b7585ece5d87
SHA512

048ff633bf96776a59a6c41046ffe0dd822cb273f06cca571ddaa500268fde4011bf1201076edc2d072b7b0ab31276a449a01606f0417fca931851899bf55bee
SSDEEP

768:hMhqpHLSlNb31pbNG7v6fbZOVOQKTRqMuBkK:yqpA1pQ7ifbK2RqMuBd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30
PID 1200 wrote to memory of 2092	1200	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c9ce787373c66a9aa6a5ee00d3ac33d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c9ce787373c66a9aa6a5ee00d3ac33d_JaffaCakes118.dll,#1
  2⤵
  PID:2092