15015a041b1c494e5cc900d98ce8a853e71211899f2964328d7f9887c14d6bc2

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 23:21

Target

43a91abed4d19bcd169d00ad2934e5dd_JaffaCakes118.dll
Size

33KB
MD5

43a91abed4d19bcd169d00ad2934e5dd
SHA1

514b003b62c7a8dbd1c89db777c9f88c9d94a347
SHA256

15015a041b1c494e5cc900d98ce8a853e71211899f2964328d7f9887c14d6bc2
SHA512

ff7f894d4c2932a0dd833a9228720327f9df9d4f33997bc3e7d4d9eed9f14531db7dae91aa7804e08e3fbb99cdc9a419b0cb46224a7e3cfd779ba27ca33b6df2
SSDEEP

768:Lf/fosuj44q2F3FLBa7H7Qt7kZYnhYDLRKkS4:LnozB4bY7kZ0+vRKk1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 520 wrote to memory of 2692	520	rundll32.exe	83
PID 520 wrote to memory of 2692	520	rundll32.exe	83
PID 520 wrote to memory of 2692	520	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43a91abed4d19bcd169d00ad2934e5dd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43a91abed4d19bcd169d00ad2934e5dd_JaffaCakes118.dll,#1
  2⤵
  PID:2692