cd1620b6ab141cfca868adc8e8882084b03ae57d69f5c758485642883c4df22b

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 00:51

Target

2e6ef7523595316f610e4351f5ccafaa_JaffaCakes118.dll
Size

457KB
MD5

2e6ef7523595316f610e4351f5ccafaa
SHA1

668de042b28e479c0d914cb3c66043017b26599c
SHA256

cd1620b6ab141cfca868adc8e8882084b03ae57d69f5c758485642883c4df22b
SHA512

3f714b0f64548c9750e89f8b47aedc2abf53fd352f55dc242ce1bfc13930e3d3f32121be3b8e9ac4f49edc2095035f9186008d99ee8911fef9e4a9443ad0a37f
SSDEEP

12288:66HTgzVOOn5N2CPH16khSL8NJTpdhnboYseGt8Y:5HTgztn5NtPH16khSL8jpdrGt8Y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31
PID 1948 wrote to memory of 1944	1948	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6ef7523595316f610e4351f5ccafaa_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6ef7523595316f610e4351f5ccafaa_JaffaCakes118.dll,#1
  2⤵
  PID:1944