12962aef4503375ca63a4f324910a97f063e35125206461d92aa3038013b5eb0

Analysis

max time kernel
16s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 00:04

Target

2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll
Size

40KB
MD5

2e4ed03c228fa12890f9843d2f9b3e17
SHA1

cc2fcea5fe2345133257bc45505bedca3a751d02
SHA256

12962aef4503375ca63a4f324910a97f063e35125206461d92aa3038013b5eb0
SHA512

f6ce7065e5aa705f69d4bd4ebeb8201d1f837a8db5accd12c0534195505f797923bfc44e57be75549a73c6897b1c9da68baeec52c37db33d1c11f575006b3c06
SSDEEP

768:Ax8RDiAPBZEQvJf7eAO7wTEpSoX+hP6fWBoREfT4T/ZQ:AxUDJvJfKn7wTuluhKaoRiT4Ta

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29
PID 2840 wrote to memory of 2336	2840	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
  2⤵
  PID:2336