46c45148501516c7ae08e271f1174f335d4b336ac4f8a316b4ba70a588e2673e

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 08:07

Target

29d879d5ed6c333a761ccb7fa8354bbf_JaffaCakes118.dll
Size

340KB
MD5

29d879d5ed6c333a761ccb7fa8354bbf
SHA1

24054b0ca2e2c5378da6a650dc227cdd68309790
SHA256

46c45148501516c7ae08e271f1174f335d4b336ac4f8a316b4ba70a588e2673e
SHA512

44c6cedf604492010d5cea000a97b7ba864a088ce486fd9c43bc6c2c04586b43487805861c497f1b4bbfd529a54eee31aeaa474b8d5cb54e505b1f5e5b13258b
SSDEEP

3072:svA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:s206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 208 wrote to memory of 5096	208	rundll32.exe	81
PID 208 wrote to memory of 5096	208	rundll32.exe	81
PID 208 wrote to memory of 5096	208	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d879d5ed6c333a761ccb7fa8354bbf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d879d5ed6c333a761ccb7fa8354bbf_JaffaCakes118.dll,#1
  2⤵
  PID:5096