6db0c359871daff9f6e6029aa75116a9ef527a7ce840644c7ff8ffb37cdab43b

Analysis

max time kernel
137s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 20:33

Target

732959e138a948794e404f66543d313a_JaffaCakes118.dll
Size

340KB
MD5

732959e138a948794e404f66543d313a
SHA1

acd7fdba5a9663c46508ceac36b3855c5b070e79
SHA256

6db0c359871daff9f6e6029aa75116a9ef527a7ce840644c7ff8ffb37cdab43b
SHA512

6bb9136caffd34207a124a2892a521eee55b29e8661e828521d2dc859bf273843d82790fcfe0d962ef18b0aa006bf89f56fb694c3e33439c5d107f902e31caed
SSDEEP

6144:tleuq232Ot+FdyBbGt9TK5iQF43fq9r5ZfJjniJrNb/w7cMk8RF:t8t232Q+iNSZrL3y/4MNv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 3976	4276	rundll32.exe	82
PID 4276 wrote to memory of 3976	4276	rundll32.exe	82
PID 4276 wrote to memory of 3976	4276	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\732959e138a948794e404f66543d313a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\732959e138a948794e404f66543d313a_JaffaCakes118.dll,#1
  2⤵
  PID:3976