dd575e1eb80676cd928b0459163e83f1fa4ad6e97a076ba5a016935f464f4dc8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 16:37

Target

2d0dbb5df50b5a7d8295f453725d84fa_JaffaCakes118.dll
Size

60KB
MD5

2d0dbb5df50b5a7d8295f453725d84fa
SHA1

63899fb17c20ec8d41fe428daded94783e2a5a8a
SHA256

dd575e1eb80676cd928b0459163e83f1fa4ad6e97a076ba5a016935f464f4dc8
SHA512

5283614c6b925c2d7530f32e01c646c2a4bb4ab2ef1648b40f097c3c6b189c59c56227f6360977c264dc2eb9a9d31d09924c2066267fa0f712bb87f0a83786ca
SSDEEP

1536:oTU0TqHXwGKctS9KX+x5NKGeTdGh38aZl0YkKV:oTUcqHmKiKdTdZRYkK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31
PID 2452 wrote to memory of 2128	2452	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0dbb5df50b5a7d8295f453725d84fa_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0dbb5df50b5a7d8295f453725d84fa_JaffaCakes118.dll,#1
  2⤵
  PID:2128