66cc902e7bf72bc45241edbce068ced89b0f4596b748191998aed4e85d194f7b

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 06:43

Target

48a83b4d4434cf4fc744ebc508dd1841_JaffaCakes118.dll
Size

32KB
MD5

48a83b4d4434cf4fc744ebc508dd1841
SHA1

ff2d1d05cca15484264b483336ddfe1e2909413c
SHA256

66cc902e7bf72bc45241edbce068ced89b0f4596b748191998aed4e85d194f7b
SHA512

4d2513fc8098e955445bf58a9de9f5d3ed1d99d086047ab2aff319b491eebca707bb50688593181e7bdd972b9c12e1a11a8010d948c1ed43991046c92797922a
SSDEEP

768:/bQqCiZHgb+X6glv+CrCgmUSacGo3VBffd6722MDylb0OqOSBRBw5:/bhCiZAW6glv+CrCgmUSacGo3VBfQ72I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 60	212	rundll32.exe	83
PID 212 wrote to memory of 60	212	rundll32.exe	83
PID 212 wrote to memory of 60	212	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48a83b4d4434cf4fc744ebc508dd1841_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48a83b4d4434cf4fc744ebc508dd1841_JaffaCakes118.dll,#1
  2⤵
  PID:60