9bc55e5996b89d26bd5fba840f417f6d111e50e1cbafe7badd8515c19a676ec0

Analysis

max time kernel
92s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 05:26

Target

2f2179615c036cbcaf95bea97a50c86c_JaffaCakes118.dll
Size

220KB
MD5

2f2179615c036cbcaf95bea97a50c86c
SHA1

dd04b5498f17834a8464c004bfc7aa66aa04b9f5
SHA256

9bc55e5996b89d26bd5fba840f417f6d111e50e1cbafe7badd8515c19a676ec0
SHA512

20ce33de1dc72f07fc5b7ee8c89914530add852598890570aef3124b1103d1b4cac96988f4dfa7063cb23bd4d1faa4d6de66d893b4757a884c4d09d869fca5c1
SSDEEP

3072:KmQoo+R9TO0Z4La16Oeqixw/bsM8zX5vY6wrLGUf7VMklZlUgadoDGR8J:ZQqR9HeWain826wrjVMiPa+J

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 4372	3620	rundll32.exe	82
PID 3620 wrote to memory of 4372	3620	rundll32.exe	82
PID 3620 wrote to memory of 4372	3620	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f2179615c036cbcaf95bea97a50c86c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f2179615c036cbcaf95bea97a50c86c_JaffaCakes118.dll,#1
  2⤵
  PID:4372