c804fa13c5f3ba1ba35dfd98f99cab50b7ca4542579db9ae01ff1cf2be3a5eda

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12-07-2024 05:18

Target

3c1deff20b2df5140b3519eb45f129c9_JaffaCakes118.dll
Size

478KB
MD5

3c1deff20b2df5140b3519eb45f129c9
SHA1

c5a5309833e05853b70f235bd85acab796121584
SHA256

c804fa13c5f3ba1ba35dfd98f99cab50b7ca4542579db9ae01ff1cf2be3a5eda
SHA512

69361aaebec0b558373727fb25e16ad4e26b25ad1a1bbc2fc94b096ab5656c96b8fe5919cbaf322025378912e02beb1dacf8fa4aa537ebc61dec975c60ae0e00
SSDEEP

12288:geqF0BKzVnRm5EB2HK/T7SIb8rK/JaGELHBV:4uCRm5W2HK/T7SIIrK/JaH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30
PID 2948 wrote to memory of 2576	2948	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c1deff20b2df5140b3519eb45f129c9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c1deff20b2df5140b3519eb45f129c9_JaffaCakes118.dll,#1
  2⤵
  PID:2576