cbb967b72fd122df66e8b979fed2d003b0dfb84f9d0037e363ff93c2c3c18b0e

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 11:41

Target

303ad5b0b231440ff8586da89afb6f76_JaffaCakes118.dll
Size

48KB
MD5

303ad5b0b231440ff8586da89afb6f76
SHA1

84393baf0e505f27415e5e7d0f6a4be6b41a3f92
SHA256

cbb967b72fd122df66e8b979fed2d003b0dfb84f9d0037e363ff93c2c3c18b0e
SHA512

d44728b7b4c2945938559350ccbd63d72ba4839bf289e5bd8fe96ace1425f2c9a8298fe5f5e1f2a7f2c5b30fae7e341feb1facb1fcd1eb994a11c8e63b55ebfd
SSDEEP

768:TPUc5F0gaQwGz72ENnbDCtHRrRe3M9ezXJxVetUjFB:TPj5F0gaQ72EN0e3rtxVeOp

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30
PID 3040 wrote to memory of 2132	3040	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\303ad5b0b231440ff8586da89afb6f76_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\303ad5b0b231440ff8586da89afb6f76_JaffaCakes118.dll,#1
  2⤵
  PID:2132