7d17a724ef594fbf66f4d9fdc78a938b63b3a8b76d4ef148f439612d1a0dbee9

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 19:04

Target

4c9996f2b4b4967e2e67641e4d4b9974_JaffaCakes118.dll
Size

62KB
MD5

4c9996f2b4b4967e2e67641e4d4b9974
SHA1

0d91cbcc7a871bea571eff1714b05381365d30ba
SHA256

7d17a724ef594fbf66f4d9fdc78a938b63b3a8b76d4ef148f439612d1a0dbee9
SHA512

ef56b15b11a29b35d94fb6b0d2a9ccdc44082a107b963604ea651f778e44cc26756bcebcf6dd42cf5f237baf5561de56780e991a0fa745a47aaeac8169a9bad3
SSDEEP

1536:V5jl/O8pXR3ShIpethp24HcpCEEIAq4VbhiRrfaTh:V5h/O2h3NEpPHOAq4O9fa9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3592	2104	rundll32.exe	83
PID 2104 wrote to memory of 3592	2104	rundll32.exe	83
PID 2104 wrote to memory of 3592	2104	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c9996f2b4b4967e2e67641e4d4b9974_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c9996f2b4b4967e2e67641e4d4b9974_JaffaCakes118.dll,#1
  2⤵
  PID:3592