988448014eda58d8b87cbec4324c9e552ecb6eb2a565b8ec6d6d3e7eb354af1d

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 11:13

Target

38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll
Size

34KB
MD5

38e116395c0c7f2d871d6d4bf2c82159
SHA1

e1d55142340dd97a2bea39de7d1785b5b37830fe
SHA256

988448014eda58d8b87cbec4324c9e552ecb6eb2a565b8ec6d6d3e7eb354af1d
SHA512

a8aa20b7e1b82270d1bb5ba8ad26d536ee4f920b3a80fe30946f1687652333a1134b650f1572a104d58720f4879f58ed1967449013b79dae77e020283d26ebcd
SSDEEP

768:tlOTjhcY4591BlnONd7hFyDhChw59FR6lloy:tlOTL45jy7hF4M6XFR6lyy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 2360	4844	rundll32.exe	83
PID 4844 wrote to memory of 2360	4844	rundll32.exe	83
PID 4844 wrote to memory of 2360	4844	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38e116395c0c7f2d871d6d4bf2c82159_JaffaCakes118.dll,#1
  2⤵
  PID:2360