193aa0bf855f99016ba65a37aab1b0b208341eb7b980d0d62da505c48e9bba46

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 08:58

Target

387a7cea6d58617891574de146e010e6_JaffaCakes118.dll
Size

32KB
MD5

387a7cea6d58617891574de146e010e6
SHA1

a311c77554cfa725b9a2a75651478573410b71b5
SHA256

193aa0bf855f99016ba65a37aab1b0b208341eb7b980d0d62da505c48e9bba46
SHA512

eab00f5675b55445ffe76068b6c1f9762f832d6d9e11aa70ec9d3fe3e1055827c96de77e26053d9e055d6bd86cc178aca3180ea47dd0dcf1c53f8a570fac4137
SSDEEP

768:W7FFX0ogrmCSc19EkWQ75MM+li34iDzhqDFRWFT8:W7F1gr0c19d75MVlhCkxRWFg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 1176	4792	rundll32.exe	83
PID 4792 wrote to memory of 1176	4792	rundll32.exe	83
PID 4792 wrote to memory of 1176	4792	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a7cea6d58617891574de146e010e6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a7cea6d58617891574de146e010e6_JaffaCakes118.dll,#1
  2⤵
  PID:1176