c2b43e5ed0cf1b26ba4203331cb404400107adbf472afbccc3d2b4b12c194e75

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 16:53

Target

5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118.dll
Size

156KB
MD5

5cd28b5b0e25e06f3ff024fb7957bb64
SHA1

0e5fde1903dd84aaed6f3672b505936c128edcd4
SHA256

c2b43e5ed0cf1b26ba4203331cb404400107adbf472afbccc3d2b4b12c194e75
SHA512

09f389c59af6655cf567e4f9eeb06ad6f12bd4a48931e0991e934bce4320ac585fabf22fd54ca3d93dec38093618db71175978c49535dc87a336604cfc37c364
SSDEEP

3072:pX1ZvjqDrRlvCapABqdG5cWHV/In3+9BRLLlQdA/6:bZOfLpA4g5cWHV1LxQdo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30
PID 2956 wrote to memory of 2648	2956	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118.dll,#1
  2⤵
  PID:2648