2f4e889d1f139c65e6fad215fa820a35c241305c787bd64d89b18ad16c124bc9

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 16:36

Target

46a2ca5b33bc2bd647f64cf866c98282_JaffaCakes118.dll
Size

340KB
MD5

46a2ca5b33bc2bd647f64cf866c98282
SHA1

76f7b9193d7c7ec1d218304dfdc05db29137e09a
SHA256

2f4e889d1f139c65e6fad215fa820a35c241305c787bd64d89b18ad16c124bc9
SHA512

27ecb85ce28ffc63d158261e6261732c58db900aaa4b09da89de88f20e9d8ffce8382ba7a34f646e30becfb49a36bb548013dfa99950af902468c4c22aee38e6
SSDEEP

3072:5vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:5206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4824	3932	rundll32.exe	83
PID 3932 wrote to memory of 4824	3932	rundll32.exe	83
PID 3932 wrote to memory of 4824	3932	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\46a2ca5b33bc2bd647f64cf866c98282_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\46a2ca5b33bc2bd647f64cf866c98282_JaffaCakes118.dll,#1
  2⤵
  PID:4824