2ed91af61d8a48b19a62f90b94b2114b68aafebf7c284a533f93f1e975306f63

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 04:24

Target

6620e91722027e385ba03546528ea71c_JaffaCakes118.dll
Size

357KB
MD5

6620e91722027e385ba03546528ea71c
SHA1

edd166a21b55a5aaefdb516e71af80e57467aa5c
SHA256

2ed91af61d8a48b19a62f90b94b2114b68aafebf7c284a533f93f1e975306f63
SHA512

5f19381ab45b399ad8c5ce5bf186b6ccdf4b6bb8e52c35faa053f0349c05f80dcf6c1b07c75f7a04d295beada571c0cebb52fc8bdfb45688e05d466da1e55cb8
SSDEEP

6144:41EvU5RbBVM22qtdRUmh+rgsg1FGUjVuXukOMtl33TByq0kDGpsmEPX47:mEvU5RbB52qtdiZrgsg1FGbXukOMb33q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30
PID 1864 wrote to memory of 2468	1864	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6620e91722027e385ba03546528ea71c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6620e91722027e385ba03546528ea71c_JaffaCakes118.dll,#1
  2⤵
  PID:2468