7d98c88a8acd2a01a74a42778e8adfac056d76d5d1a4610474d42b476c2091de

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 18:43

Target

31883f818794401cf2ee0efec9a0df3d_JaffaCakes118.dll
Size

340KB
MD5

31883f818794401cf2ee0efec9a0df3d
SHA1

26c920203c48a2379def52dbca6f209280dfac65
SHA256

7d98c88a8acd2a01a74a42778e8adfac056d76d5d1a4610474d42b476c2091de
SHA512

54b182086247b7aa1f9d5f3d56cdf554abce0d55aaaf91de75e835fed072abae3be0c924fcaf0644e85f80ad8c747e55e92020e26d7e3fa430438b1d25b91e9d
SSDEEP

3072:fvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:f206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 3828	3524	rundll32.exe	81
PID 3524 wrote to memory of 3828	3524	rundll32.exe	81
PID 3524 wrote to memory of 3828	3524	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31883f818794401cf2ee0efec9a0df3d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31883f818794401cf2ee0efec9a0df3d_JaffaCakes118.dll,#1
  2⤵
  PID:3828