27eff9f90a212c188ea2d183611b2896d10964766203573b4c2bbc41724b7b11

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 12:04

Target

5bdcec6e42904f1941376ff24be9e272_JaffaCakes118.dll
Size

54KB
MD5

5bdcec6e42904f1941376ff24be9e272
SHA1

86df72a10a762fafab66c53dd6efce04cff92ed2
SHA256

27eff9f90a212c188ea2d183611b2896d10964766203573b4c2bbc41724b7b11
SHA512

2ab72d0a4aef008e9518cca66719f96e2d4f2baf7711232b047ceb8c46fbffdb5762c583646c44616b5a765e3c91e3b3bbfef626bfe3f0fcfd4400e7101fba21
SSDEEP

1536:knK0jhOKw+PqRLGwghlarqSDKgAyx/sR4TKifgayM:knNhOKw+P+PghlrmK7yx/rTFfHb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30
PID 2652 wrote to memory of 1736	2652	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bdcec6e42904f1941376ff24be9e272_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bdcec6e42904f1941376ff24be9e272_JaffaCakes118.dll,#1
  2⤵
  PID:1736