12962aef4503375ca63a4f324910a97f063e35125206461d92aa3038013b5eb0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 00:04

Target

2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll
Size

40KB
MD5

2e4ed03c228fa12890f9843d2f9b3e17
SHA1

cc2fcea5fe2345133257bc45505bedca3a751d02
SHA256

12962aef4503375ca63a4f324910a97f063e35125206461d92aa3038013b5eb0
SHA512

f6ce7065e5aa705f69d4bd4ebeb8201d1f837a8db5accd12c0534195505f797923bfc44e57be75549a73c6897b1c9da68baeec52c37db33d1c11f575006b3c06
SSDEEP

768:Ax8RDiAPBZEQvJf7eAO7wTEpSoX+hP6fWBoREfT4T/ZQ:AxUDJvJfKn7wTuluhKaoRiT4Ta

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 1588	2400	rundll32.exe	82
PID 2400 wrote to memory of 1588	2400	rundll32.exe	82
PID 2400 wrote to memory of 1588	2400	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e4ed03c228fa12890f9843d2f9b3e17_JaffaCakes118.dll,#1
  2⤵
  PID:1588