2e275c4e969bc88bd9cc199202eb87aa051dceae31f1cedc4c02507641dd8ea1

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 08:31

Target

6283957f34dbbf6e96e9be28365ecb0d_JaffaCakes118.dll
Size

34KB
MD5

6283957f34dbbf6e96e9be28365ecb0d
SHA1

ca6a7d3bac7fabf05ba0350d39386c4d8d24d549
SHA256

2e275c4e969bc88bd9cc199202eb87aa051dceae31f1cedc4c02507641dd8ea1
SHA512

523bca7a6680b04ab9b9085b6fe7873ae4de83787b100886fe3de4997778b2ca0b54486a1721712e5c0f82df3c0b3619fee89d1c86a7e1c30c55d5bee9626380
SSDEEP

768:YbOhTLYMpXQ3T3YNrZr//7WvkZCOqhnPmRZ7p0jQF:4OhTPN/Nr17WvHpORZ7p0jC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30
PID 904 wrote to memory of 1964	904	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6283957f34dbbf6e96e9be28365ecb0d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6283957f34dbbf6e96e9be28365ecb0d_JaffaCakes118.dll,#1
  2⤵
  PID:1964