b9c6d80fa6af84a90cfb588a4621b125a7ae30ce1d8604bc7ee8d6bda9a1f9c3

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 23:32

Target

43b2772ac9107eee6da5df5e7d47a035_JaffaCakes118.dll
Size

1.6MB
MD5

43b2772ac9107eee6da5df5e7d47a035
SHA1

4e3e2beffab385c2f4e8da180d106893ee2ebee1
SHA256

b9c6d80fa6af84a90cfb588a4621b125a7ae30ce1d8604bc7ee8d6bda9a1f9c3
SHA512

12c6878273f71d0c068793300a889e0e3d1320c20f8f5effbaa6b71c865a15d3d25117ea847c8007f6674bc92a3263fb0ded5320db6350b1f8d03b3579cd4dda
SSDEEP

24576:AjKwEnbX4J6TqNMCACrjkbBsUpr3Y3KJIEQDYdZmrHuA8LVULl55smwQc9+bNTYq:WEs7k6OrxAB+UqC5bNTY+TnxpUx03

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 3832	3888	rundll32.exe	84
PID 3888 wrote to memory of 3832	3888	rundll32.exe	84
PID 3888 wrote to memory of 3832	3888	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43b2772ac9107eee6da5df5e7d47a035_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43b2772ac9107eee6da5df5e7d47a035_JaffaCakes118.dll,#1
  2⤵
  PID:3832