2a70cb46fb85f4da4414f0c6211fb8d3ab047a7f4ed35638d7b376ef30eb9c45

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10-09-2024 06:25

Target

d7b5f5334abdea9419cb69a1ff5a194b_JaffaCakes118.dll
Size

1.1MB
MD5

d7b5f5334abdea9419cb69a1ff5a194b
SHA1

fd3f30a88ca26f8f591588c01349a93f0e74c63a
SHA256

2a70cb46fb85f4da4414f0c6211fb8d3ab047a7f4ed35638d7b376ef30eb9c45
SHA512

82bc1e3089e4f26395b84fe79177c066fafab308d02ee1c34a107d4762533b77715010cad42247ab1be62712196740f8e9c0697daeab9cba4a03bdcb399d75d9
SSDEEP

12288:kCg1g4Gk+wq91vw4viqm5nUXhvYZ4CqkEl+I0rgZ33hfzszUndVnKqcqqTwV:kTgUik4viqOUXhgLqp+I0sZBbckfnp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2376	1520	rundll32.exe	30
PID 1520 wrote to memory of 2376	1520	rundll32.exe	30
PID 1520 wrote to memory of 2376	1520	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7b5f5334abdea9419cb69a1ff5a194b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1520 -s 276
  2⤵
  PID:2376