dbe845e25c819a9b913e4e68b13282f92d04e3a5fad2bbcffc8e0f092d54c56d

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 14:45

Target

1bb3d9e8010298438654f2e0ee5e7070_JaffaCakes118.dll
Size

68KB
MD5

1bb3d9e8010298438654f2e0ee5e7070
SHA1

08c138c6e5fa2302f34f1f9f26c94bcbb2e3183d
SHA256

dbe845e25c819a9b913e4e68b13282f92d04e3a5fad2bbcffc8e0f092d54c56d
SHA512

27d005707a17de55a4f9755c7760ecb79dddb4ceed0d6cf068608197e2cf24a9a30b71acaf34486dca57dd15d126d74b069d202658dbb8db21fe7e83036c6771
SSDEEP

1536:ujhaB4qT1f7N/aTviNdrN/yK9jFD/oroO4/F3:ujhaB4qdN/p//rAroO4/F3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 3040	2880	rundll32.exe	81
PID 2880 wrote to memory of 3040	2880	rundll32.exe	81
PID 2880 wrote to memory of 3040	2880	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bb3d9e8010298438654f2e0ee5e7070_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bb3d9e8010298438654f2e0ee5e7070_JaffaCakes118.dll,#1
  2⤵
  PID:3040