6ad8d7ce01dc8b4811a71ec380f45c4474dd95870785c8cdacce29824a978ded

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 07:12

Target

193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll
Size

68KB
MD5

193e10928586cd4a0df91d49455227a4
SHA1

68a141d8f93d5fd816235ef7e3439c1046aceb47
SHA256

6ad8d7ce01dc8b4811a71ec380f45c4474dd95870785c8cdacce29824a978ded
SHA512

b66010412292ade67918e2bd9d6d81f0207e6691f435b57f5b50eed0de4230041549fe4dacbd0d05047d289393de505f6db9cdbc2b57ffa00a055cfddafbf150
SSDEEP

768:jcOi31Bei7UPljckCEN3zMxPQiITUumZqQpgxkD6KTTybPr06SNnDsnx9Yt/DCTF:p9N3IOThknTTybPr06gnD3CX9o4M2z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1624 wrote to memory of 3912	1624	rundll32.exe	80
PID 1624 wrote to memory of 3912	1624	rundll32.exe	80
PID 1624 wrote to memory of 3912	1624	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\193e10928586cd4a0df91d49455227a4_JaffaCakes118.dll,#1
  2⤵
  PID:3912