7a580b42bde161a9486f4cfa47a2288b2e019d7e3616de9fcf22822288e6fb10

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 17:21

Target

1bdabf6c5dc269dc55dc94990850f8ec_JaffaCakes118.dll
Size

7KB
MD5

1bdabf6c5dc269dc55dc94990850f8ec
SHA1

47ec79628a8833b644789243dbbc61c2be57946f
SHA256

7a580b42bde161a9486f4cfa47a2288b2e019d7e3616de9fcf22822288e6fb10
SHA512

919034c63c7a89a942736551a5b19fc2c55888fdafd5fd1e261d8a88d159e13fccbe6014573c3a815b8beb640b7f744d2845dfa725fb15acdb745c6417b31195
SSDEEP

96:+9RXVtx6VRBXEg/oNFz9/fKY+HMPFZdfH4+OqaavZEWFf93CGCRWwuUf+:KZZkRFB/oDtfXfH4rqaav6Wt93CzRWY+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2324	2932	rundll32.exe	81
PID 2932 wrote to memory of 2324	2932	rundll32.exe	81
PID 2932 wrote to memory of 2324	2932	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bdabf6c5dc269dc55dc94990850f8ec_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bdabf6c5dc269dc55dc94990850f8ec_JaffaCakes118.dll,#1
  2⤵
  PID:2324