c827a5ecc7da96027eba91ad1693536f1d715e1962dc9fd782a527714a1d0130

Analysis

max time kernel
96s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 14:55

Target

2cc54f5d3b7af89bfdef19c93d36210f_JaffaCakes118.dll
Size

221KB
MD5

2cc54f5d3b7af89bfdef19c93d36210f
SHA1

76564a40d790ecf413d868138ff5665f3e505271
SHA256

c827a5ecc7da96027eba91ad1693536f1d715e1962dc9fd782a527714a1d0130
SHA512

31e91e5843a38b9231080ddace057d81134b25775bece0409aa3052486a2b1d14918d501feb1d1466f4515320b043a27688d881314383ceb461f769c9abce816
SSDEEP

3072:+gpZQhmMdos27+833+fiOPv9gvpmSrGTBfRv7wPdeZZS5N7Yn4:wdosaENPvUpmyGTBJDwPd4Za7l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4392	3472	rundll32.exe	82
PID 3472 wrote to memory of 4392	3472	rundll32.exe	82
PID 3472 wrote to memory of 4392	3472	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc54f5d3b7af89bfdef19c93d36210f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cc54f5d3b7af89bfdef19c93d36210f_JaffaCakes118.dll,#1
  2⤵
  PID:4392