6c3d8c6c68eb58e8ed9465ace24aad30686d1b1a985895d00ac57a2321823e42

Analysis

max time kernel
101s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 04:57

Target

4465859043b799e4e65cfea39c64db0e_JaffaCakes118.dll
Size

61KB
MD5

4465859043b799e4e65cfea39c64db0e
SHA1

b73ac960e790c5a85dd8844bf6bfa29a80492fbd
SHA256

6c3d8c6c68eb58e8ed9465ace24aad30686d1b1a985895d00ac57a2321823e42
SHA512

289c7601acfae9bfe11eee84233754757c2e2bd61115241f0eea240707ece000a33bbf50b30afdc62cf904e542874c260dbef7d1cae0d37f41f233fa192590a3
SSDEEP

1536:vFW8nKooyA/EyW7dO22NWjisH+OteiLW:AmA/hW7JnjisH+Oteiy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 2256	3788	rundll32.exe	82
PID 3788 wrote to memory of 2256	3788	rundll32.exe	82
PID 3788 wrote to memory of 2256	3788	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4465859043b799e4e65cfea39c64db0e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4465859043b799e4e65cfea39c64db0e_JaffaCakes118.dll,#1
  2⤵
  PID:2256