413c4eda4e31b245e8c340f2b75c5a331a4bc2c65c492a1fc8b7844e9d9be29b

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:27

Target

0e11f957fd6405154c5d846223ac1c0e_JaffaCakes118.dll
Size

42KB
MD5

0e11f957fd6405154c5d846223ac1c0e
SHA1

e342b23becd2b69f7f2f03434b1f68730d521773
SHA256

413c4eda4e31b245e8c340f2b75c5a331a4bc2c65c492a1fc8b7844e9d9be29b
SHA512

6637fe32b24168d0afd7ebe999cc020d007c1ab540c0fbb1251a4471b8a31d1da7e18e78e7e590ef991f58cb8c35668e3263a032d8446d12fd818e9ea196a461
SSDEEP

768:wdWrhY21r7R/2NF3SCyY22lKOdoGj0m7XjYvVYGLi051FMRnkGI9Dlf7OGc:wAr7CRxyYfKOn326GLD1inkG6f7O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 2972	1228	rundll32.exe	81
PID 1228 wrote to memory of 2972	1228	rundll32.exe	81
PID 1228 wrote to memory of 2972	1228	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e11f957fd6405154c5d846223ac1c0e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e11f957fd6405154c5d846223ac1c0e_JaffaCakes118.dll,#1
  2⤵
  PID:2972