99415824c4ed7c56fe82eeb93d464dd59636314a7858eda3b2aab5f8cca49fd4

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 22:35

Target

3240378f7d95b760587428545f31a4e4_JaffaCakes118.dll
Size

106KB
MD5

3240378f7d95b760587428545f31a4e4
SHA1

e23c97c563da2bb5274cd7500de8bdda6bd3574a
SHA256

99415824c4ed7c56fe82eeb93d464dd59636314a7858eda3b2aab5f8cca49fd4
SHA512

25a9fc063a1db4c9964bb195ca34cb95834afc6799bc82233941c3d9d72ed73164c532aa7771473b730f67064847fb66682aa42624f33595e14602c324eb2afe
SSDEEP

1536:1lWjKmeHbWnFNAnJ+SJaRKiHJEUe5k4JvjB3zYeSPFfFME4nn0RmJ8g:OumeHCLWm8IEfkXFF40R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 4960	1692	rundll32.exe	82
PID 1692 wrote to memory of 4960	1692	rundll32.exe	82
PID 1692 wrote to memory of 4960	1692	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3240378f7d95b760587428545f31a4e4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3240378f7d95b760587428545f31a4e4_JaffaCakes118.dll,#1
  2⤵
  PID:4960