ef4db8f9ed106d1944e92cd7fa5b1aa60372639225f65f12f28f7d095ea060b9

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 22:16

Target

6030ad4205958fbc1c4ccd12dd1fd16e_JaffaCakes118.dll
Size

33KB
MD5

6030ad4205958fbc1c4ccd12dd1fd16e
SHA1

9b568767e5c5177fe1bdfc6bc94a7378491d94a0
SHA256

ef4db8f9ed106d1944e92cd7fa5b1aa60372639225f65f12f28f7d095ea060b9
SHA512

ee58730364aa65ac6da93b5715e68cfa34e542518d82b163d53acac7be3d4b363367bf7f2f6279a5d4f973c7d9197dde531800f3a787d6c45622030fa83579b4
SSDEEP

768:8mhRwS4GG3dI+ZOl5GrXhu7h0k35hcD9ssQRXCb:8mhRp4Gx5Gb87hFpCRssQRXCb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31
PID 2552 wrote to memory of 2376	2552	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6030ad4205958fbc1c4ccd12dd1fd16e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6030ad4205958fbc1c4ccd12dd1fd16e_JaffaCakes118.dll,#1
  2⤵
  PID:2376