37252c8b41f61d36371604bcb6da0d55145851e174af4e5bad942559d19527f6

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 14:05

Target

4623d56925be2ca1114865363ac8f1ec_JaffaCakes118.dll
Size

204KB
MD5

4623d56925be2ca1114865363ac8f1ec
SHA1

9f55fcc7fb22eb1c956767289b574f335693b715
SHA256

37252c8b41f61d36371604bcb6da0d55145851e174af4e5bad942559d19527f6
SHA512

e1d1c0edd9fd1451202c566fb9375f84426d72426149ad57284eae355c2459e43868bdde89a082b103897612c617b826368a825f32921dbdcdbec8500cc0f09c
SSDEEP

3072:Y9mqZ5xn7NWydCdyDIjxrCxDTqJ85bG7LNYaVZ4vSccGRbTm/0qHkcO5VnGA1uCr:mBR48TIvNYMyuCj2O

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3120	5096	rundll32.exe	83
PID 5096 wrote to memory of 3120	5096	rundll32.exe	83
PID 5096 wrote to memory of 3120	5096	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4623d56925be2ca1114865363ac8f1ec_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4623d56925be2ca1114865363ac8f1ec_JaffaCakes118.dll,#1
  2⤵
  PID:3120