cdb7e18875e5b689e5c250992ea03d85ef38d3ec10b551c3e9787534210ae90a

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 13:22

Target

2c8240bc46683b865e2faa99c8113abe_JaffaCakes118.dll
Size

99KB
MD5

2c8240bc46683b865e2faa99c8113abe
SHA1

d2ea5dd83e6de622eb932d725d5378adc4362a20
SHA256

cdb7e18875e5b689e5c250992ea03d85ef38d3ec10b551c3e9787534210ae90a
SHA512

51dc4db5c669a13111613fb2258d0bd33278423733d194299690d25a5a0fd3be6a821a07747306b6ae93847c272cd23f9de9385efd35ee9fe90db9070f743ca1
SSDEEP

1536:t0zMv8pC3P7YMyVvNreBnS8IzHDKVe+/656Lswn:SMrP7IvkR0OVe+/656LP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4508	1292	rundll32.exe	82
PID 1292 wrote to memory of 4508	1292	rundll32.exe	82
PID 1292 wrote to memory of 4508	1292	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c8240bc46683b865e2faa99c8113abe_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c8240bc46683b865e2faa99c8113abe_JaffaCakes118.dll,#1
  2⤵
  PID:4508