7a6c877b03f9cdceb64c47067f5eb09d31ad4393f22256a8c69d602a9e11b31a

Analysis

max time kernel
91s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 10:40

Target

ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll
Size

94KB
MD5

ed3b65b173f12527d874cc1e2f8e6b19
SHA1

6e03c75ff58717deadfd0b875af98e5637738972
SHA256

7a6c877b03f9cdceb64c47067f5eb09d31ad4393f22256a8c69d602a9e11b31a
SHA512

c04fcce2beb37a7627c041001d88a0445a8c782b383e5af5ff147feafc0d3c68dd631a97d897ac0862c0d09239961df157b277b6b1d26c650f32ba238c2b7535
SSDEEP

1536:7/RIGXRSo70vVqCH56LNVF/lGuDXjieH6gQaSmrgcCfQsexjdLVkKq1wkumsxk:7R7ookohDX8gQaSmrglQsexjdLVs1wkx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 1204	3748	rundll32.exe	83
PID 3748 wrote to memory of 1204	3748	rundll32.exe	83
PID 3748 wrote to memory of 1204	3748	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118.dll,#1
  2⤵
  PID:1204