d30f55a6c11d38aa9507218a950d7c996bfb350e0562d7a3ba04e60fd8a9e917

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 04:25

Target

334a88c3402c7af3d7f5dbf339658987_JaffaCakes118.dll
Size

36KB
MD5

334a88c3402c7af3d7f5dbf339658987
SHA1

c9e11780513d2cea60ec42983851dc96a4c9e010
SHA256

d30f55a6c11d38aa9507218a950d7c996bfb350e0562d7a3ba04e60fd8a9e917
SHA512

6641625ca205090b31b5b39de10e76e02ae11a65d7e538469e10d20946bbede3a4043ef4a3074f0c7c7876199bcb6cc54a04c2c666c4bf9044f768f3a1c26f77
SSDEEP

768:33NxRvsOBcK4U0wimOz3isBOzWx2DAMkBBQARQkxhHA:39XmR92DAMkBBQART

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 1768	3640	rundll32.exe	81
PID 3640 wrote to memory of 1768	3640	rundll32.exe	81
PID 3640 wrote to memory of 1768	3640	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\334a88c3402c7af3d7f5dbf339658987_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\334a88c3402c7af3d7f5dbf339658987_JaffaCakes118.dll,#1
  2⤵
  PID:1768