05ccc4fdf596c61556c3adc14f7a0e3b7e9bc63fcfacfa67f67365f4761b249c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 21:46

Target

3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll
Size

37KB
MD5

3218f1bb667ec01feeafed3b343c5c00
SHA1

a53681e613fbaffd8d08cc7acfe2e9ee10b3f04e
SHA256

05ccc4fdf596c61556c3adc14f7a0e3b7e9bc63fcfacfa67f67365f4761b249c
SHA512

39fdcaa943db2d16758e2aad13f89aad2ca0c00c91b5d7bbb80935370ee93fc4d0564430b1cd00b5c8ba87ac2d292410f09101f97f91544ec4a295786a14fbdb
SSDEEP

768:DoPNMi9s1QHrtosVGQecMrChD7IQilN41SVObyyTRv:kPNMo+QxucM+97IflNN6TRv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 1864	4744	rundll32.exe	81
PID 4744 wrote to memory of 1864	4744	rundll32.exe	81
PID 4744 wrote to memory of 1864	4744	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3218f1bb667ec01feeafed3b343c5c00_JaffaCakes118.dll,#1
  2⤵
  PID:1864