ed27c1ce4babc1aa83fb1ccaae9885ee1b93024e40d0a29969fcb50f04e242f7

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 07:53

Target

JaffaCakes118_ed27c1ce4babc1aa83fb1ccaae9885ee1b93024e40d0a29969fcb50f04e242f7.dll
Size

44KB
MD5

3c35116e283cab895242afb2adf6553e
SHA1

c8beb1102484c52d6dd881a033db6b0dc691afb8
SHA256

ed27c1ce4babc1aa83fb1ccaae9885ee1b93024e40d0a29969fcb50f04e242f7
SHA512

8f7a2a05dfcab87e2629e59375cd7dcbac53730edac9b85b1e4223b27eb1eb8d5ed721ef8d295cdfe7ec4dbb3749caceaa62f5dda94e420823dcef3a1b7e6705
SSDEEP

384:w+vzaov6mxU5SU4DbwDPu4o3ZuTBl8FBHOJ:XzaNm+8u1lc9w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2944	1708	rundll32.exe	31
PID 1708 wrote to memory of 2944	1708	rundll32.exe	31
PID 1708 wrote to memory of 2944	1708	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ed27c1ce4babc1aa83fb1ccaae9885ee1b93024e40d0a29969fcb50f04e242f7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1708 -s 52
  2⤵
  PID:2944