303aeec521e5618e8f05b85bd0bf27be87d76277535f68906920c02bf65538f2

Analysis

max time kernel
109s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 16:08

Target

2705ee5262a9ed1337ec0022f8011cda_JaffaCakes118.dll
Size

96KB
MD5

2705ee5262a9ed1337ec0022f8011cda
SHA1

4db4a80a967c35d253349726f218d1fd955dcec7
SHA256

303aeec521e5618e8f05b85bd0bf27be87d76277535f68906920c02bf65538f2
SHA512

b0068e39112e17a246d437b7f200f12525de0a7ab5d77d72c98d1c96cb7ec906225fb251b9d064f2f58bfe8d8cfa34a1b42422c4d3e4dc9c3b110f9ab287bf09
SSDEEP

1536:Lpk3CGM+Zfbq44xWalOcr7sf5Ma8UG/eLyobeNU3PInX:L+yj+dRSIcr7a6/cf6NU3PIn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4156	4988	rundll32.exe	81
PID 4988 wrote to memory of 4156	4988	rundll32.exe	81
PID 4988 wrote to memory of 4156	4988	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2705ee5262a9ed1337ec0022f8011cda_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2705ee5262a9ed1337ec0022f8011cda_JaffaCakes118.dll,#1
  2⤵
  PID:4156