f2473c3a54e1c405349005978a4a0f0547c2a9929dbf9c2baccc2e1b94649fd3

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 03:52

Target

379b69290c45748aba029e6549ffd601_JaffaCakes118.dll
Size

85KB
MD5

379b69290c45748aba029e6549ffd601
SHA1

1b7bae5adf232ac061084e11858659a7dd229f23
SHA256

f2473c3a54e1c405349005978a4a0f0547c2a9929dbf9c2baccc2e1b94649fd3
SHA512

e29748400005ad3539b57068001864dcb8627be30032c4b96f0ad6e326b713cdc2898cfc7893c8084303611f2ec96f426502c516cfe157e4185e2959e90f1549
SSDEEP

1536:22neioOx1253Bu6wU6YMJhjPBEdMvIQGPNrQYPa7Ck:2zVfu6w11EdMvIQ2rQYit

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5924 wrote to memory of 1168	5924	rundll32.exe	86
PID 5924 wrote to memory of 1168	5924	rundll32.exe	86
PID 5924 wrote to memory of 1168	5924	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\379b69290c45748aba029e6549ffd601_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\379b69290c45748aba029e6549ffd601_JaffaCakes118.dll,#1
  2⤵
  PID:1168