8c181ed67d5093a1a8cd8536f9b66ab5653fbe0934f243652e65d46169267c10

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 19:54

Target

1751f5e83af7087761b7571bc5b52816_JaffaCakes118.dll
Size

72KB
MD5

1751f5e83af7087761b7571bc5b52816
SHA1

cf53c366a613b06f24cc09458c7fa0b150063f8a
SHA256

8c181ed67d5093a1a8cd8536f9b66ab5653fbe0934f243652e65d46169267c10
SHA512

6e0c4cb630ad788d7c78fe4db8b1b496583b5489109e59c2fee13faee3f535662a19fccf186b7ec1a99241478b4faa04b7fe6ccb248348aa6e5f8577b6ae1f36
SSDEEP

1536:d7h368/bdmCrp5OwYvBbDhQI+FjOW8youF1QcTze:d7hqibdmRbDhMjOW8you3z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 4396	4172	rundll32.exe	82
PID 4172 wrote to memory of 4396	4172	rundll32.exe	82
PID 4172 wrote to memory of 4396	4172	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1751f5e83af7087761b7571bc5b52816_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1751f5e83af7087761b7571bc5b52816_JaffaCakes118.dll,#1
  2⤵
  PID:4396