ce4f4e46994b2771e947be047b989433f9428299ac508d3a960db1b92a395961

Analysis

max time kernel
95s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 02:12

Target

2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll
Size

78KB
MD5

2ea5f29707700ac723e253f8309efa19
SHA1

b7f1c03688e980324052136221c847f3b11a89eb
SHA256

ce4f4e46994b2771e947be047b989433f9428299ac508d3a960db1b92a395961
SHA512

beaa8d4959e425ff42cb35b943eeb7ebc1218e81fe7391ce476fb28b94b711de2bf87ce1cf500517fbc6e043275797dbd44b4efa343410fa7a6fd09e6e4986da
SSDEEP

1536:oIKi2LjukMhQFk5mUgL3qcvfAKw1K0y3kVFPP4ZetS5mZEY:wLw6FLdAx008kT6glZEY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 4800	1664	rundll32.exe	81
PID 1664 wrote to memory of 4800	1664	rundll32.exe	81
PID 1664 wrote to memory of 4800	1664	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ea5f29707700ac723e253f8309efa19_JaffaCakes118.dll,#1
  2⤵
  PID:4800