ecf3700717f073b4e288cb1f0609c63eae6a705f6cf02164aaa1e678dace62c9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 09:59

Target

3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll
Size

319KB
MD5

3cea6d11244f25a953ccc985a79f4e80
SHA1

ffacb56889fbbc316fc3c7798ccead038156d0cf
SHA256

ecf3700717f073b4e288cb1f0609c63eae6a705f6cf02164aaa1e678dace62c9
SHA512

59550114f329ac3f16f4b9ea4f35898f13fae920dceb4179524a03d9e2c9fdcb66eedbc8d4b67de289449626b02d11ba21fd98459a4b838288c7b07550c0150b
SSDEEP

6144:eD8p7vuW+GGwEEqu3jErtLKrPE2+zfDfpim2AdKryB9yuOuk2e:givF+GlTEVgEdfUm2AdKRRuk2e

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30
PID 2560 wrote to memory of 2052	2560	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cea6d11244f25a953ccc985a79f4e80_JaffaCakes118.dll,#1
  2⤵
  PID:2052