23f89b0df151ff0343adde32a87de601d4751c5f5d53f7d5fff7cf4ed4a4a36a

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 14:18

Target

30b8f47cdc17f0b3f20150bf763094fc_JaffaCakes118.dll
Size

202KB
MD5

30b8f47cdc17f0b3f20150bf763094fc
SHA1

cea0de990ef918654bf40d3ef64dd55f76c094ae
SHA256

23f89b0df151ff0343adde32a87de601d4751c5f5d53f7d5fff7cf4ed4a4a36a
SHA512

c6e63b8e2d2de4059079383e14d2631b2e9ed0b45abad96e27836d62f439716f66a091953d3f74a757d113489099741f3abcf0a5f77ddd963ffdfe7dd69b697d
SSDEEP

6144:c8yHRvk1ZPyjUvSWS5M9/I82LSyofGoYD79S:cbxvk1ZPyjUvSWS5M9/I82LSyof1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4992	5024	rundll32.exe	82
PID 5024 wrote to memory of 4992	5024	rundll32.exe	82
PID 5024 wrote to memory of 4992	5024	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\30b8f47cdc17f0b3f20150bf763094fc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\30b8f47cdc17f0b3f20150bf763094fc_JaffaCakes118.dll,#1
  2⤵
  PID:4992