9319d33ae3675d3854442c79e5fe5899224aaeb6b11e760be11f10f955c2ffc7

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 18:44

Target

2d6ca8800f8bd2560a005b7b6238cb5d_JaffaCakes118.dll
Size

125KB
MD5

2d6ca8800f8bd2560a005b7b6238cb5d
SHA1

2536df7641ab837601817832c4e2a5b8dbc7a754
SHA256

9319d33ae3675d3854442c79e5fe5899224aaeb6b11e760be11f10f955c2ffc7
SHA512

8356cc1e349540ac7b0bbc34c7a482b96a09c09618056ea9c71a8c40bb6dc36c5135f263f11c5a23ce27748be736f799c9b7f96506643e7602ce57b69680a9fd
SSDEEP

1536:MDEFUawhF/H8fOddXSlhlyE8+EJP+YvbyasK5g2VX5Kn:j4D/cSdXSb0EKUYTHRgoUn

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31
PID 348 wrote to memory of 2152	348	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d6ca8800f8bd2560a005b7b6238cb5d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d6ca8800f8bd2560a005b7b6238cb5d_JaffaCakes118.dll,#1
  2⤵
  PID:2152