e6d2fa1809e9ceeae554e53e1c888ebbb7d278a2d14dfadc1d870ebf79bec345

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 17:58

Target

5d09a16fd53b05641f6fd43ab3836250_JaffaCakes118.dll
Size

482KB
MD5

5d09a16fd53b05641f6fd43ab3836250
SHA1

428d9318c143dc5ac8e3d4fd739ba662f57c3db9
SHA256

e6d2fa1809e9ceeae554e53e1c888ebbb7d278a2d14dfadc1d870ebf79bec345
SHA512

7362ff08f34401ddbf0a164144cde711737c7e8c168b610b92c070cf2bb09fd95e79c87647107561d04983d0384a5c59f0a97a57aa99914aa9285c07182a2486
SSDEEP

6144:PdHtCVeJ6DA8nvyWqkZiFs/rSFw4aLW7yot/Q7Z5LTJeDhe24nRCsOx:PdHtCVeJ6kDDF6tRLxotAZ1Je9yE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30
PID 2980 wrote to memory of 3040	2980	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d09a16fd53b05641f6fd43ab3836250_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d09a16fd53b05641f6fd43ab3836250_JaffaCakes118.dll,#1
  2⤵
  PID:3040