215bb4db1babce98fb51de65f4010d01521050b6e45c219a30a40c832e49be60

Analysis

max time kernel
139s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 12:04

Target

49b293ad54800a7ee5ba095252dfe718_JaffaCakes118.dll
Size

35KB
MD5

49b293ad54800a7ee5ba095252dfe718
SHA1

f8f23c6912c437daa7f90ca61a02a24d7ba4b45f
SHA256

215bb4db1babce98fb51de65f4010d01521050b6e45c219a30a40c832e49be60
SHA512

1a5f098adbe566b48f3c540576ae0c983d2b009d945bc50f4496cb698546d5bf9ac169a40ac875ba2b5a5915c557af7553aba5d482c17a416ce76b421a1ff1bb
SSDEEP

768:n81qTcYVr4QjSYqv/OlU7QMh5rPKChwT9kRjaSx:81qTn+5v57Vh5/6BkRjb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 2936	4748	rundll32.exe	85
PID 4748 wrote to memory of 2936	4748	rundll32.exe	85
PID 4748 wrote to memory of 2936	4748	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b293ad54800a7ee5ba095252dfe718_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b293ad54800a7ee5ba095252dfe718_JaffaCakes118.dll,#1
  2⤵
  PID:2936