d14c0e7a83673138d41758c02abb805ff243080a3a3b69f62007aab8913b245e

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 09:30

Target

3428b63088401510102586204d40bef0_JaffaCakes118.dll
Size

172KB
MD5

3428b63088401510102586204d40bef0
SHA1

6f72293fe8662073309d23ec329a0cf51b93c65b
SHA256

d14c0e7a83673138d41758c02abb805ff243080a3a3b69f62007aab8913b245e
SHA512

e6cf760fd04875383b96aba36df0172404abcfb754d8b4a2d9bb04d95d3173eb93799b22c9cc4d414168ae19dabed4b6c3db43c4b707b3b37b3985ad22d0caa8
SSDEEP

3072:Xg09otDeb1GfNbhkD9FsycY14n0GMJ13O5WKlGex0zgnxkypWTkCFlRaAjS8:Xg0SK5Glbh6en0lLWGex05ypykmbaA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 5096	1128	rundll32.exe	83
PID 1128 wrote to memory of 5096	1128	rundll32.exe	83
PID 1128 wrote to memory of 5096	1128	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3428b63088401510102586204d40bef0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3428b63088401510102586204d40bef0_JaffaCakes118.dll,#1
  2⤵
  PID:5096