8dc05c993244cdff8e364dde8e0ef9307732ad6536d3e1251d395df306fd5a0f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 14:21

Target

67ea385b1a2bf6613b08ffda147c14c4_JaffaCakes118.dll
Size

18KB
MD5

67ea385b1a2bf6613b08ffda147c14c4
SHA1

db3f65d32e240e364475f26f6b737e0b7cfe1da1
SHA256

8dc05c993244cdff8e364dde8e0ef9307732ad6536d3e1251d395df306fd5a0f
SHA512

bef4d54a0578dda65e66881309b92213ba46b8f5e08739fb2d7738717a4f9efe8fe047726750e699c18da10a45ac9d9015acf27b851e64e58600177cb04b62b9
SSDEEP

384:xB1Ga3nQc1SXhP97pOur3NS6CpiH0gdWyHSTZ:L3nh4r0GmatUyK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30
PID 2932 wrote to memory of 2760	2932	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ea385b1a2bf6613b08ffda147c14c4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67ea385b1a2bf6613b08ffda147c14c4_JaffaCakes118.dll,#1
  2⤵
  PID:2760