72b59644a83751eacd1779fb4fa563c98fe61e4c57cedf7d99b14243a25b8d82

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 11:43

Target

303c22dd0504d17004d2c540790b9c15_JaffaCakes118.dll
Size

204KB
MD5

303c22dd0504d17004d2c540790b9c15
SHA1

77c4822dcec85300918cd6a83058493a83e7ed14
SHA256

72b59644a83751eacd1779fb4fa563c98fe61e4c57cedf7d99b14243a25b8d82
SHA512

883320ee135f49361b65e536f544d06a17d1f74074f51d4f23edc2088e4d1702f1e572a859ee24982e398cbd1782453a07f7b59bd54cf0c19ad58f1688c6e2e8
SSDEEP

3072:MHGdA/hL7oWbXkdyDIlnU5PAF3Jo9b2eVT1QII8SfcWRuvmw0qHxcO5VH8ttO8qF:AcMxYF5cTI7e8Jw8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 3508	3748	rundll32.exe	82
PID 3748 wrote to memory of 3508	3748	rundll32.exe	82
PID 3748 wrote to memory of 3508	3748	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\303c22dd0504d17004d2c540790b9c15_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\303c22dd0504d17004d2c540790b9c15_JaffaCakes118.dll,#1
  2⤵
  PID:3508