a973a812500ee8567f41a8615c746c0999dc648763c4e42cf7bdb338b1a69503

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 17:35

Target

09e13865b85996a845d0f3e9e24ad238_JaffaCakes118.dll
Size

105KB
MD5

09e13865b85996a845d0f3e9e24ad238
SHA1

897fae2fca0da35cc118e78276d6c19ea454641a
SHA256

a973a812500ee8567f41a8615c746c0999dc648763c4e42cf7bdb338b1a69503
SHA512

c532932fb8ab49b8e3654e0164e46501cf56f1b79092f400ea9ff797354aecada3ebc0fc021d190d5d2bf31ac4a28d6533fe6fcd1fdaa36ca85b12025f54186c
SSDEEP

3072:VLNTzzH1p0qbZoQlAuSBQl/YEtdyB5VtG62OXP3:VlzHrZFFXl/YE8Vt92OX/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 2096	4728	rundll32.exe	81
PID 4728 wrote to memory of 2096	4728	rundll32.exe	81
PID 4728 wrote to memory of 2096	4728	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09e13865b85996a845d0f3e9e24ad238_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09e13865b85996a845d0f3e9e24ad238_JaffaCakes118.dll,#1
  2⤵
  PID:2096