18765d91d499fc6c9e8b725a06e6abaf9759570df2a1628f59b916f67c14769a

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 17:16

Target

1bd6336ea0c578b7187c8a90819f2cee_JaffaCakes118.dll
Size

124KB
MD5

1bd6336ea0c578b7187c8a90819f2cee
SHA1

056dc65a2561a20007dd94c508f5695fe9b6d04c
SHA256

18765d91d499fc6c9e8b725a06e6abaf9759570df2a1628f59b916f67c14769a
SHA512

3282413b6cfd2d9e46cda4bfd0157c50a393e4b3cf07acf1dd11219b094cf93ee118ce51b9168e8a87caa3ff478ea484d8eccd3df4ba16227ed7f4c0300a93ce
SSDEEP

384:856B3e5UV15jLLzo6XGx0Tf6kwlnyD2OpulyoOJC2Rbs2z9q:R3e+VHPZa0rslihNJLZ9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 3740	1676	rundll32.exe	81
PID 1676 wrote to memory of 3740	1676	rundll32.exe	81
PID 1676 wrote to memory of 3740	1676	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bd6336ea0c578b7187c8a90819f2cee_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bd6336ea0c578b7187c8a90819f2cee_JaffaCakes118.dll,#1
  2⤵
  PID:3740