0cd3cbeae21e977586287617e73d04f26de0df4e9a7f15a5293888f7f887e185

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 23:04

Target

3258b5d0371dfe4c3e86abfa3afb3efe_JaffaCakes118.dll
Size

78KB
MD5

3258b5d0371dfe4c3e86abfa3afb3efe
SHA1

d77defbad0c89ec39d04cca4f6c105affcacdb50
SHA256

0cd3cbeae21e977586287617e73d04f26de0df4e9a7f15a5293888f7f887e185
SHA512

ea79fe513e4a394f4b8c1c4eff3e1c8ed7f6aee4ab2a739a646c6c67ce9063b9176338b90f7e0d1c4b71ec2194a3805d8c6c803076b5ca26c34f2245a986c4a4
SSDEEP

1536:TkgDW0KqUojXDS9omVhT1Rl8npN1kUCmefDH7RHLoVtw3woZNVWpvmhuQlhViP:NDWkjXDSRB1kpNKUCm4AtsZZNafzP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30
PID 2484 wrote to memory of 1512	2484	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3258b5d0371dfe4c3e86abfa3afb3efe_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3258b5d0371dfe4c3e86abfa3afb3efe_JaffaCakes118.dll,#1
  2⤵
  PID:1512