b63d2011a5585c6a20668fef488c3d2b00e6a081e3a66bed4dc076b2054e0d8a

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 12:08

Target

49b63c7d4f433edfc93ff92ef5285f16_JaffaCakes118.dll
Size

54KB
MD5

49b63c7d4f433edfc93ff92ef5285f16
SHA1

761717406028efdd9ae302eb2285c19f569ed349
SHA256

b63d2011a5585c6a20668fef488c3d2b00e6a081e3a66bed4dc076b2054e0d8a
SHA512

3c88e0f53761e11a3f133db3b1748f71d61ae1bdfc1d4fcd66cffd8dc20191a85ac7ed792046157fbdd9e0b30e8768e8bb77ce825855315209833d7a69c33fd3
SSDEEP

768:2788TBHR7oOj33NvwSFbyx9GGB8oYMW3NF:2788TBHldxtbAcLoTW3z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2576	2600	rundll32.exe	83
PID 2600 wrote to memory of 2576	2600	rundll32.exe	83
PID 2600 wrote to memory of 2576	2600	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b63c7d4f433edfc93ff92ef5285f16_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b63c7d4f433edfc93ff92ef5285f16_JaffaCakes118.dll,#1
  2⤵
  PID:2576