70ed33b91a64103f1dd4bbbe2020b22a920840e84c4b96ba8bca4fc9df55d4f8

Analysis

max time kernel
95s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 16:56

Target

3137927148680b60b0f370dcf9c045ff_JaffaCakes118.dll
Size

21KB
MD5

3137927148680b60b0f370dcf9c045ff
SHA1

469b9344b098250f0b7565f7191da5f71617d22f
SHA256

70ed33b91a64103f1dd4bbbe2020b22a920840e84c4b96ba8bca4fc9df55d4f8
SHA512

11385e1308b77239201016a952f314c05bffd38777310ad0f720f5f27f4fc1c2808e98862ac59bda4e603786ca24825c5fbe8cd4239a862645e61c9f1f1cc5eb
SSDEEP

384:+Gdd1+7M9eJoyJQH61hZR1/9/l2jwtnEFGLMbUJFOkll5bw0f4fEyf2LYaKfKmF:+GQYjYQa1hZR1/9dnEFGLq4Ok1bw0f4n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 1740	4536	rundll32.exe	81
PID 4536 wrote to memory of 1740	4536	rundll32.exe	81
PID 4536 wrote to memory of 1740	4536	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3137927148680b60b0f370dcf9c045ff_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3137927148680b60b0f370dcf9c045ff_JaffaCakes118.dll,#1
  2⤵
  PID:1740