72ed93f46cb8976b5274c82141ab74c8377d7317324d5bc415f438d355b95391

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 17:05

Target

67f9948fedfc8f284b07ed3e77ccdd09_JaffaCakes118.dll
Size

5KB
MD5

67f9948fedfc8f284b07ed3e77ccdd09
SHA1

451a0260c23ea29aa2fc785f5f2ac66219deb8a1
SHA256

72ed93f46cb8976b5274c82141ab74c8377d7317324d5bc415f438d355b95391
SHA512

4f18063262ba0e51f1e4fc0d8a42fef9a34689aa7f6b54f8a6762d04d35704111e9a6546fde9272e399d1ceedbea3f39d7e64e61d991348dd6646938a2741a8f
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJ3qdzEBmvb8SZCRI3LPix+31DNrOuQ+F5UjZN1y+mY:MTWnRZ0lJ6FE+DGKLKurrG+Fejvs+mY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2112	4788	rundll32.exe	85
PID 4788 wrote to memory of 2112	4788	rundll32.exe	85
PID 4788 wrote to memory of 2112	4788	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67f9948fedfc8f284b07ed3e77ccdd09_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67f9948fedfc8f284b07ed3e77ccdd09_JaffaCakes118.dll,#1
  2⤵
  PID:2112