d8a4e845306fe333af2a1aa58a1d7a7fb3ebc775105354956043ed33a7011394

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 05:21

Target

2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll
Size

33KB
MD5

2f1f260592b513c649e5705a67e6150e
SHA1

84560920b7b9901a978e9e356d0eeffc91fbf6ca
SHA256

d8a4e845306fe333af2a1aa58a1d7a7fb3ebc775105354956043ed33a7011394
SHA512

14e10857fceb8f939d6e1a3d5f6d61b74cb4389117ed44d93670cc1b9732f979b42051cd94ac434ffbb2c50d572c0fc4d4c82af69465697aded882420ba839b3
SSDEEP

768:m5rQdVtf/IHuYbUoiPs0XnPF7AHAgqNVOsTRKVs850:4rQHtYOYV0Xd74AgU1RKVV50

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30
PID 2368 wrote to memory of 2568	2368	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f1f260592b513c649e5705a67e6150e_JaffaCakes118.dll,#1
  2⤵
  PID:2568