ad6f2a51b9efadfe775bf690ca709298ec5cceebb388cd8a896cf279593406fd

Analysis

max time kernel
32s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 16:25

Target

42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll
Size

12.1MB
MD5

42731548efd2ec1272c13ff1a37fc1b1
SHA1

acc7ac4171edcb2704e741b83d181827437b3f8a
SHA256

ad6f2a51b9efadfe775bf690ca709298ec5cceebb388cd8a896cf279593406fd
SHA512

1b9671387a97e54b878b093ab9226672ddb4166fcb4999eb9d03e1bc66ba34d9bfc040d00aa3cebf71d04b15518ea22168d19d3e59502fce6d9cb34782f19d9e
SSDEEP

3072:lyPIiqHY3yVhKmq7AF/1ForUIG9OU8WserayuNpPmyN:p53A7ALu1G8mseraPNRmy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 464	4312	rundll32.exe	81
PID 4312 wrote to memory of 464	4312	rundll32.exe	81
PID 4312 wrote to memory of 464	4312	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42731548efd2ec1272c13ff1a37fc1b1_JaffaCakes118.dll,#1
  2⤵
  PID:464