5821abbb53e38d9bd853912a13126b83c2483abb9657f3a2e1e580051587fae5

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 20:08

Target

3631ecc351c4f1562db8b1af5016f36b_JaffaCakes118.dll
Size

25KB
MD5

3631ecc351c4f1562db8b1af5016f36b
SHA1

3290a0a41a17d3b94a0433481a7edae03485718b
SHA256

5821abbb53e38d9bd853912a13126b83c2483abb9657f3a2e1e580051587fae5
SHA512

a2efd43369dc854067c4828986c51e82957b21b6ac5a14b34edf40559ebc7be2c8785061e8bdc40603630898cde62a2cab0808e0f50ed6303f26291f31f38e3c
SSDEEP

384:i6Q4iW4NuaztttavknvDClfd177bI9CnqD2Y6awzfaRrIiG:44ZazttXvDCf17g9CqD56hzyRrIiG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4844	4924	rundll32.exe	83
PID 4924 wrote to memory of 4844	4924	rundll32.exe	83
PID 4924 wrote to memory of 4844	4924	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3631ecc351c4f1562db8b1af5016f36b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3631ecc351c4f1562db8b1af5016f36b_JaffaCakes118.dll,#1
  2⤵
  PID:4844