99589b88a22a22fdd8b86c1fb798d081c17affbb03d8b4e210d8f42ae2c85064

Analysis

max time kernel
95s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 11:42

Target

49a0ef025fb84d905be003dd413cb430_JaffaCakes118.dll
Size

587KB
MD5

49a0ef025fb84d905be003dd413cb430
SHA1

c0259012301b712bd22a8787f60e2a5733adcc7d
SHA256

99589b88a22a22fdd8b86c1fb798d081c17affbb03d8b4e210d8f42ae2c85064
SHA512

354b0fcca020acd2ce3972d88ef6f2617394405a6c22435fc21bea874ac31cd101188188ac9d952cd365704620590a3d5dfdac725f12adfff3d2c8cee7d08258
SSDEEP

12288:M5tQlVR2/kr0/Eotvu2ZDjf++kstdlzubQxt3Vs3NIrRhOjJpRcXOWwrds62gUUS:M5tQlV8/kr0/EoZu2ZDjf++kstdlzubS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 228	4568	rundll32.exe	84
PID 4568 wrote to memory of 228	4568	rundll32.exe	84
PID 4568 wrote to memory of 228	4568	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49a0ef025fb84d905be003dd413cb430_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49a0ef025fb84d905be003dd413cb430_JaffaCakes118.dll,#1
  2⤵
  PID:228