ce4f4e46994b2771e947be047b989433f9428299ac508d3a960db1b92a395961

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 02:12

Target

2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll
Size

78KB
MD5

2ea5f29707700ac723e253f8309efa19
SHA1

b7f1c03688e980324052136221c847f3b11a89eb
SHA256

ce4f4e46994b2771e947be047b989433f9428299ac508d3a960db1b92a395961
SHA512

beaa8d4959e425ff42cb35b943eeb7ebc1218e81fe7391ce476fb28b94b711de2bf87ce1cf500517fbc6e043275797dbd44b4efa343410fa7a6fd09e6e4986da
SSDEEP

1536:oIKi2LjukMhQFk5mUgL3qcvfAKw1K0y3kVFPP4ZetS5mZEY:wLw6FLdAx008kT6glZEY

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30
PID 1996 wrote to memory of 2096	1996	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
  2⤵
  PID:2096