5192eaabe86128836f60bc77a7c2fc12127719c25e00c7cadfb628b81f98dc72

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 16:32

Target

2d09bd9fee19ffb30f594483d96454db_JaffaCakes118.dll
Size

30KB
MD5

2d09bd9fee19ffb30f594483d96454db
SHA1

f834cdaf35c7b5bc1cfca7b6c7f117291e3f9678
SHA256

5192eaabe86128836f60bc77a7c2fc12127719c25e00c7cadfb628b81f98dc72
SHA512

75a1d74740035c0dc41771ac50a5832e8d81d4cd9573131f3a41cc68c55768acda1e13116d076f89005b7ff89d575c9655a331745083c83b8d47dcc5212b1177
SSDEEP

384:T+dpEPaVyDuutSvSHcvOANHIX95wCI1E5OtDUt4bV9j2T3Crr3VJyBr2lT:TopEPiyDOqHJXoXDU0m3Crr3VJ4mT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30
PID 1728 wrote to memory of 2688	1728	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d09bd9fee19ffb30f594483d96454db_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d09bd9fee19ffb30f594483d96454db_JaffaCakes118.dll,#1
  2⤵
  PID:2688