13ac1211d95440ed3be668f9224666d4b7b0229f624a8b7115d7ce1210c74740

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 17:27

Target

f198673fa03896bc77646ddcdf0ccbc6_JaffaCakes118.dll
Size

32KB
MD5

f198673fa03896bc77646ddcdf0ccbc6
SHA1

19982b416b24baaf50984454a73631a2b25c8536
SHA256

13ac1211d95440ed3be668f9224666d4b7b0229f624a8b7115d7ce1210c74740
SHA512

215942e31e983e8c2e5a0b3795b0b137d3ac22b9a3d52f271f32d782e514b5c3920611fef8b53d56b8daf27ca40017050a5b13725b7679c80afb81080769ed22
SSDEEP

768:e2Pr8feR1Geasryxdy7pF6ozhZflIRv1qqm:e2Pr8feCezB7p8gDNIRNqv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 4360	372	rundll32.exe	86
PID 372 wrote to memory of 4360	372	rundll32.exe	86
PID 372 wrote to memory of 4360	372	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f198673fa03896bc77646ddcdf0ccbc6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f198673fa03896bc77646ddcdf0ccbc6_JaffaCakes118.dll,#1
  2⤵
  PID:4360