757ebef7bf9dd9e5645124459014759b1e1a33c77b336c75499e87f81e3bfcd3

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 02:28

Target

43eeb83aff2d9896701ae10b86ba6fb2_JaffaCakes118.dll
Size

275KB
MD5

43eeb83aff2d9896701ae10b86ba6fb2
SHA1

c712c81020a5783894073e9f269b5513872bac57
SHA256

757ebef7bf9dd9e5645124459014759b1e1a33c77b336c75499e87f81e3bfcd3
SHA512

9aefe64f6eba7d4b563ce04ea273f98b3e2ee2561db9d86a241e2bd3f7167cf6913a3224506aecfc38123b6c664e6da89bcdbab470068bb067f2a2ead6fa0712
SSDEEP

6144:yjY729zRGxd2Cua7Bn3wF8tH2KE3jKZfC1JeRGvFDEabDs84OlrtgnyNYTEPNl:P7kG/R75gFAH2KE3jKZfC1JeRGvFF482

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29
PID 2532 wrote to memory of 1232	2532	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43eeb83aff2d9896701ae10b86ba6fb2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43eeb83aff2d9896701ae10b86ba6fb2_JaffaCakes118.dll,#1
  2⤵
  PID:1232