f07bd67c2cff0995916def3dcdb601af9ad25419e13e30faaaf2ebf84e329d2f

Analysis

max time kernel
120s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 16:33

Target

427950bc59d6bf2ff35ae844c01fde08_JaffaCakes118.dll
Size

102KB
MD5

427950bc59d6bf2ff35ae844c01fde08
SHA1

616dce86f8d984e3bfa19b845667999d9db72004
SHA256

f07bd67c2cff0995916def3dcdb601af9ad25419e13e30faaaf2ebf84e329d2f
SHA512

722d9b776dacacf0b3ce6c03ff1e4ecbdcc222d32483088d974c6fe72235012374801f155f609a40e702645a42f3c96d85c9c2357ad191f52ca6cc1a1a810344
SSDEEP

1536:PNljeUtUYZ8qNiW3FLwLfbwCPyySIG5cab1pjkiM+N2fe20aXO75lp:VeYZ8xgib6ySIGmaBpjkUr20aXO75

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 3188	740	rundll32.exe	83
PID 740 wrote to memory of 3188	740	rundll32.exe	83
PID 740 wrote to memory of 3188	740	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\427950bc59d6bf2ff35ae844c01fde08_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\427950bc59d6bf2ff35ae844c01fde08_JaffaCakes118.dll,#1
  2⤵
  PID:3188