889ba4d9dab601a4d9d18cea0160b08278f3e1c227a9d7ec39f60bda4789d3a7

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 17:43

Target

42b25adc8275c43cae862f136ba8a943_JaffaCakes118.dll
Size

60KB
MD5

42b25adc8275c43cae862f136ba8a943
SHA1

6aae59e6ab9a5beb3060af4c137f8a01493253d4
SHA256

889ba4d9dab601a4d9d18cea0160b08278f3e1c227a9d7ec39f60bda4789d3a7
SHA512

3827f7be34372da14a1431e1f8d340c975d8314b9cc01bbdbaff16eab4ce6cb8e339552e2f97a697e45832f8a19c2ae5f6082d16574bab428e1672c519db7a49
SSDEEP

1536:zfaHAqHXaGJq4tS9KX+x5NKGeTdGh38aZl0nkKV:zfSAqH2uiKdTdZRnkK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2952	2564	rundll32.exe	83
PID 2564 wrote to memory of 2952	2564	rundll32.exe	83
PID 2564 wrote to memory of 2952	2564	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42b25adc8275c43cae862f136ba8a943_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42b25adc8275c43cae862f136ba8a943_JaffaCakes118.dll,#1
  2⤵
  PID:2952