2fb71c4ea9b07c1c8366b30f1d2b6d9d490a692e9bffee64f3b15403d776bed4

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 11:25

Target

302d906be79804797ebbee25de0c2770_JaffaCakes118.dll
Size

30KB
MD5

302d906be79804797ebbee25de0c2770
SHA1

5d0fd46e3898e96f281f8cf198049a5fda758b43
SHA256

2fb71c4ea9b07c1c8366b30f1d2b6d9d490a692e9bffee64f3b15403d776bed4
SHA512

8b8f207b5cff757ca649cf0fd8f62715d8775495dad4f0d706ecb9583e817f7dce077a05e00cd65b13db825ad7a106bf5bf682176c95cc29c1005a351931d3fd
SSDEEP

384:gZXNHnCIrZNZS6+6F3eJSvdP+lgIGv4nb3ncp8lcXjoAuBBQARQkgRVwiW:gFlnCsSV6p/C46lcMXBBQARQkgRVw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30
PID 2740 wrote to memory of 2852	2740	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\302d906be79804797ebbee25de0c2770_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\302d906be79804797ebbee25de0c2770_JaffaCakes118.dll,#1
  2⤵
  PID:2852