d108586c2004570d92b6d506bcfedd61d793c47c7f6ceb9f56c4b0798cca67bb

Analysis

max time kernel
133s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 19:47

Target

1c48b820d221068c4abc2e06a85ac3d3_JaffaCakes118.dll
Size

31KB
MD5

1c48b820d221068c4abc2e06a85ac3d3
SHA1

1c4122af6dcf3ef0fc2e4d69fcb4c7b66276772c
SHA256

d108586c2004570d92b6d506bcfedd61d793c47c7f6ceb9f56c4b0798cca67bb
SHA512

b34693329efc600be3a3ad9de5349ea3c52680925aac9f9b568a9149418de83c6ef1666c84879a62612bfb78eaaa893e0e4e0b778c05e9924fb1fb5dca31fbe3
SSDEEP

384:cET8Z0TQjp46KURzDpXF71vGEpEV81Q9NV77B9ypa2HVxwawIJFfLR7jWc02:98aQ9UM15p09NV76a2Lwh6VLRjWn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 4688	3560	rundll32.exe	83
PID 3560 wrote to memory of 4688	3560	rundll32.exe	83
PID 3560 wrote to memory of 4688	3560	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c48b820d221068c4abc2e06a85ac3d3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c48b820d221068c4abc2e06a85ac3d3_JaffaCakes118.dll,#1
  2⤵
  PID:4688