0b6ffd763b8644406e3d837ee77fb857f1f3b7ab69d5089e75e170fb2217282f

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 08:05

Target

07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll
Size

204KB
MD5

07590760e2e65c1530ff50c4bc4c3527
SHA1

a56f43185a6ada943692349de7328623196712ca
SHA256

0b6ffd763b8644406e3d837ee77fb857f1f3b7ab69d5089e75e170fb2217282f
SHA512

b6452b1890c00800e705875607fa6fb4880b02d91a6a4c6bafc57f7108df03e2e00946cc4176486775580ad9ec0471c602e3feb0f78f9274efd8d5c9e93bac75
SSDEEP

3072:887fZhz7uW+WJdyDIfezUs7pJsxbmzo46YVIOSfcFRhrmw0qHxcO5VHWAz2x9+9b:r6d57H04+RAzr9z9NX3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 2668	4516	rundll32.exe	83
PID 4516 wrote to memory of 2668	4516	rundll32.exe	83
PID 4516 wrote to memory of 2668	4516	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07590760e2e65c1530ff50c4bc4c3527_JaffaCakes118.dll,#1
  2⤵
  PID:2668