62d0550460775e9012852b3c119b9771fb592af23adbdfea39e20d0bcd1dddb2

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 23:19

Target

f8f9883b2d53d3a5a84581adbc724a96_JaffaCakes118.dll
Size

19KB
MD5

f8f9883b2d53d3a5a84581adbc724a96
SHA1

6870c15242e1adb45182a6a04dbbcc23d9852017
SHA256

62d0550460775e9012852b3c119b9771fb592af23adbdfea39e20d0bcd1dddb2
SHA512

89675c8e725e7a94bcf249ef0a8d8d6583c023866b5ca3560dd10889b7e77fdbcef1f4f0350b6a9f8a3485d3ccb446135b57d95d0f4c8836e0655023d1ee98b9
SSDEEP

384:Klv4YiKEjcYXmmDP5Eiz41s9ORqR6RhRKR9+R++RyRT:qATKEjNxbk1xwkXAuVo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4476	3704	rundll32.exe	83
PID 3704 wrote to memory of 4476	3704	rundll32.exe	83
PID 3704 wrote to memory of 4476	3704	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8f9883b2d53d3a5a84581adbc724a96_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f8f9883b2d53d3a5a84581adbc724a96_JaffaCakes118.dll,#1
  2⤵
  PID:4476