223dcaee57a6d414581eff1728b497798f16186cad980e029684d554c1090d04

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 13:55

Target

41f450002db4fa47fd0a5ab6b1233bd4_JaffaCakes118.dll
Size

204KB
MD5

41f450002db4fa47fd0a5ab6b1233bd4
SHA1

fd7384d9b7cd4636187fad39069e01028c24d5e6
SHA256

223dcaee57a6d414581eff1728b497798f16186cad980e029684d554c1090d04
SHA512

1d04fb68080749767e56f9cfdc9f9fd12c5ae9046813187b855802599bb99df3c573a6b69c56b93b74e225da5891148b43dab905c19ad4a4cbc833d8c561583f
SSDEEP

3072:WP3E4hr7WWCZ9dyDIznT2b4XFZJ00bmbJQ6WXslSMcFRIPm30qHvcO5VHbXhx+Fy:WyJlFXKQZJhx+KQs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30
PID 2560 wrote to memory of 2680	2560	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41f450002db4fa47fd0a5ab6b1233bd4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41f450002db4fa47fd0a5ab6b1233bd4_JaffaCakes118.dll,#1
  2⤵
  PID:2680