e855cf62f67a2d992886ef4714f0ed72ea017275de932205ea5424de44a2459c

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 00:00

Target

01516f83138495431bf8744be3e125f0_JaffaCakes118.dll
Size

93KB
MD5

01516f83138495431bf8744be3e125f0
SHA1

c025de1a5c08c0afbe7ffa236170b26046fd2ea9
SHA256

e855cf62f67a2d992886ef4714f0ed72ea017275de932205ea5424de44a2459c
SHA512

2fcc42f8f2511da7822dd2430e0987b70048194f03911cf1144ff9e9f5e0317c4bc7ac3080129b564e9cd4a2b45a35606af627184cc24dffd3db032db5a44cec
SSDEEP

1536:XkuacOnTIQTiOobuM03cxMzTb4goNFKrGK9+mVHYVHWl4zpM:NacHQfTd3cxu8grlMM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3756 wrote to memory of 1328	3756	rundll32.exe	82
PID 3756 wrote to memory of 1328	3756	rundll32.exe	82
PID 3756 wrote to memory of 1328	3756	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01516f83138495431bf8744be3e125f0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01516f83138495431bf8744be3e125f0_JaffaCakes118.dll,#1
  2⤵
  PID:1328