def9984988dc3aeb505a8d3bc5009b51b8ee1808f1f0d0ea943371466137421b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 05:17

Target

40562f7b357c3f194c88129920ed104b_JaffaCakes118.dll
Size

141KB
MD5

40562f7b357c3f194c88129920ed104b
SHA1

f9994d32611b7eceeacdfdb85cb6a1e3c30c799f
SHA256

def9984988dc3aeb505a8d3bc5009b51b8ee1808f1f0d0ea943371466137421b
SHA512

a8dd9f95e25a85ede259d63a7bdfd1d2d5157aac895fd1075b398fa2240e6e79749ea726fbd7cc61c8442cc56cdf434163047383646b50dbb59f54cd258d0c88
SSDEEP

3072:dECAJhkdOP17s/qaOi08OwyHxcnZGCCXl11PllV1V:dEvgOP17s/F08OaoCC1vl1V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 3152	5052	rundll32.exe	83
PID 5052 wrote to memory of 3152	5052	rundll32.exe	83
PID 5052 wrote to memory of 3152	5052	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40562f7b357c3f194c88129920ed104b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40562f7b357c3f194c88129920ed104b_JaffaCakes118.dll,#1
  2⤵
  PID:3152