2c026124d268bb7bc017b466f46a9dc2f185a9cee9776c2883fb0e8e0c3550d8

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 04:47

Target

445e0a8e2a1a4ff0f334506a2af91962_JaffaCakes118.dll
Size

35KB
MD5

445e0a8e2a1a4ff0f334506a2af91962
SHA1

135903afb120294c91565351b77d3da7d41197f3
SHA256

2c026124d268bb7bc017b466f46a9dc2f185a9cee9776c2883fb0e8e0c3550d8
SHA512

e5510541f7fd159fca65ade171a8fdb5df8761f9bcae8ffe938cec6fcfdcc34cadee5e99afb86622c583be91fb92c0e89ab043c7dc0baee3b5c3e511cbbfc395
SSDEEP

768:MnWy0L5TXpVQcqxieaSrM/W4uGes7UOFTcJ5hlD8oR3Y0eX:VLtXvQqSrMe/s7UOdcrXlRI0+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30
PID 2220 wrote to memory of 2004	2220	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\445e0a8e2a1a4ff0f334506a2af91962_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\445e0a8e2a1a4ff0f334506a2af91962_JaffaCakes118.dll,#1
  2⤵
  PID:2004