1887825cbe6e619611d20c979aea33639a4a622a0cf878591344f76f806ca8c1

Analysis

max time kernel
92s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 05:55

Target

781fa6b41ecb43150e96e95a12132236_JaffaCakes118.dll
Size

116KB
MD5

781fa6b41ecb43150e96e95a12132236
SHA1

39dbfed2b5d15dbf3ada10c6bf3de6e972b79e75
SHA256

1887825cbe6e619611d20c979aea33639a4a622a0cf878591344f76f806ca8c1
SHA512

964aa12c4f0ad23614c523f9a5d5391db55150ff043ac6fdab8c926412d317d20c5bc07edca5614740d8f02a21ed920ea6eca4f24ad2b3fa1254ff978ff80d55
SSDEEP

3072:S1y5h5lF47Q3Cy9pi4zM+GTGWs6DsX6KpnZ/28x7+xGW8DR5:ayllF4bqpu+BZ7x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 1116	3748	rundll32.exe	82
PID 3748 wrote to memory of 1116	3748	rundll32.exe	82
PID 3748 wrote to memory of 1116	3748	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\781fa6b41ecb43150e96e95a12132236_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\781fa6b41ecb43150e96e95a12132236_JaffaCakes118.dll,#1
  2⤵
  PID:1116