2112ec6bfe68ee031596d84a0452988d6fbf0c3a663c61512dae59c3f41417e0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 19:05

Target

646b83b4b2eff2dbecf9cc8e4aa72ae5_JaffaCakes118.dll
Size

93KB
MD5

646b83b4b2eff2dbecf9cc8e4aa72ae5
SHA1

60232ff43234009f433fefb7d4ccb36f6224c686
SHA256

2112ec6bfe68ee031596d84a0452988d6fbf0c3a663c61512dae59c3f41417e0
SHA512

24b98309e6ed94cd5a4a97346324a781ed255ba21b8f39fc31179c545c8c245532ccbb0d199696bbecd8eba12a736115b3fa355295017d3fc7f704bb09ea8ec6
SSDEEP

1536:ot30BcgCzI+KOocuI/G+Z1kLm1/g4TotPOhr/noFUpoYoOmQMG5fMo:q30fCxaqG+Z1JRTofFUzeQMYfMo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30
PID 2076 wrote to memory of 1564	2076	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\646b83b4b2eff2dbecf9cc8e4aa72ae5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\646b83b4b2eff2dbecf9cc8e4aa72ae5_JaffaCakes118.dll,#1
  2⤵
  PID:1564