113f0dc4c8322a03dad637a53c0fa2ec7a86f63287e111184beebb7d0a28074e

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 11:42

Target

45a9c7e7e71cc7f0b2f839067720ae0e_JaffaCakes118.dll
Size

204KB
MD5

45a9c7e7e71cc7f0b2f839067720ae0e
SHA1

1e4cfd2a10c764c7a6747e7fdc69974d441b57f2
SHA256

113f0dc4c8322a03dad637a53c0fa2ec7a86f63287e111184beebb7d0a28074e
SHA512

b2a5865a67326a1c8bf7f4dd048d88d690b9c834a70c36c9e4f0fe890dd8962ee36e7accb8c0bacf988c9c62f431d7340a8815f43f68873fad731ceefe53bf72
SSDEEP

3072:thlJ/hn7LWnPIdyDIRbB+oDpJR9b5ivrVnfVHSfcIRwbmw0qHxcO5VH66JAX6gAX:FXoIDHYrCQKX6gARBD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 1780	3092	rundll32.exe	83
PID 3092 wrote to memory of 1780	3092	rundll32.exe	83
PID 3092 wrote to memory of 1780	3092	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a9c7e7e71cc7f0b2f839067720ae0e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a9c7e7e71cc7f0b2f839067720ae0e_JaffaCakes118.dll,#1
  2⤵
  PID:1780