3a81acd86671778c0227308424513a3ab9f59c50ae7ca5d8d9add486e8152491

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 08:29

Target

49003a1d13b29574fa21190d1d8c2d44_JaffaCakes118.dll
Size

42KB
MD5

49003a1d13b29574fa21190d1d8c2d44
SHA1

bd6dc3f726b0ca825e8a575cbb1032222f76528e
SHA256

3a81acd86671778c0227308424513a3ab9f59c50ae7ca5d8d9add486e8152491
SHA512

6741438d3faec27d94985323bf7a33f59742a6934028a147b24f278b83e4a69615157e12ff2e2261d9e1e425f03eb5c690b90c7e7678107a2d899864942ebef0
SSDEEP

768:Gc9Uf/7O2/jXxShbanF0o6S1CWpFKHqPCsC8C57ZjKGcSNAEPHMJApha:/9UfP/jBdnl6SwWmHqPCsC8C5djKGzqj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 640	2612	rundll32.exe	83
PID 2612 wrote to memory of 640	2612	rundll32.exe	83
PID 2612 wrote to memory of 640	2612	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49003a1d13b29574fa21190d1d8c2d44_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49003a1d13b29574fa21190d1d8c2d44_JaffaCakes118.dll,#1
  2⤵
  PID:640