9f377f6e09f0d0f3b8f0dba5c0efbeb909c664243fac635ccea2be107486c4ec

Analysis

max time kernel
10s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 16:37

Target

2d0e7429bcdccea9d70f84b1b01c3549_JaffaCakes118.dll
Size

41KB
MD5

2d0e7429bcdccea9d70f84b1b01c3549
SHA1

ccfe03ba3e52abee1b339bb17a10ef0744e1aef3
SHA256

9f377f6e09f0d0f3b8f0dba5c0efbeb909c664243fac635ccea2be107486c4ec
SHA512

624ca746da8515f0eb42b1c1552cbe43a787b153419640f6e4e8c301103ef00d9b23750bf92c7349e2fc45280c9dc2898c9efb880ace13dad79f99d869c6bb7b
SSDEEP

384:yBlbqr/fxQ0M9c9XNFtgHw36jYg2IIC3G974sD/77quBFdAAg+awpJKRkWXypTCv:oqbpQ0nPK6ID3Gj/7Hh2+hP6kWBJRoe

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29
PID 2884 wrote to memory of 2336	2884	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0e7429bcdccea9d70f84b1b01c3549_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0e7429bcdccea9d70f84b1b01c3549_JaffaCakes118.dll,#1
  2⤵
  PID:2336