86412a2ab98d9c939137aba21cbe9dc2bb119ef55db1cea49af67deadd397005

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 07:49

Target

e98087744159a730115a37aa1ed6109d_JaffaCakes118.dll
Size

6KB
MD5

e98087744159a730115a37aa1ed6109d
SHA1

7eda7eda4055d740cf75c087f2a21b542aad9997
SHA256

86412a2ab98d9c939137aba21cbe9dc2bb119ef55db1cea49af67deadd397005
SHA512

7b99f5675b5bd9216317ee65af8f60cb2bf0ef83cf271ce4c4965381424310a4c6f4901ff1d4c37e9d17892cf6307c4e8addccd70ac6e1e679817c80e2927fce
SSDEEP

48:6++Z5YVOeJVkrm1pwbEX7PFUE7aaO0NB+BDq9J5S1XU:6eJVkrmgbCbFUaaaNB+FqX5S1k

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 4036	1624	rundll32.exe	88
PID 1624 wrote to memory of 4036	1624	rundll32.exe	88
PID 1624 wrote to memory of 4036	1624	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98087744159a730115a37aa1ed6109d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98087744159a730115a37aa1ed6109d_JaffaCakes118.dll,#1
  2⤵
  PID:4036