486da4dee0f745ef4362470822708ab09a7df38ba8f1e01184a84e441057ca4b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 16:47

Target

312f8b37b4a9f6bdb41166f50e01a949_JaffaCakes118.dll
Size

204KB
MD5

312f8b37b4a9f6bdb41166f50e01a949
SHA1

a5f2621d18676efcff9e624b61510726d8033c40
SHA256

486da4dee0f745ef4362470822708ab09a7df38ba8f1e01184a84e441057ca4b
SHA512

e15534e45692b9f3bc167f843ee4cf93a8bf9d72690e4fe9065d033279c3b0dc6e5926d81f831b61239ddebe191ce8c67340fd9f50af242b3027f31ebc974ef1
SSDEEP

3072:wY372KhY7mWLT4dyDI2PhuY6yJ89bZxL71QIQ8SfcWRQvmw0qHxcO5VHP6NvHEcw:AyMn6wU7OAwHEcru2R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2920	2792	rundll32.exe	80
PID 2792 wrote to memory of 2920	2792	rundll32.exe	80
PID 2792 wrote to memory of 2920	2792	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\312f8b37b4a9f6bdb41166f50e01a949_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\312f8b37b4a9f6bdb41166f50e01a949_JaffaCakes118.dll,#1
  2⤵
  PID:2920