d9fccbed3f0ed3f14b0c522d088a630e118e7da9294d9f7d2c2ea5102ffa8cd8

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 07:22

Target

4d50814f570cce66b3de369bbd253926_JaffaCakes118.dll
Size

340KB
MD5

4d50814f570cce66b3de369bbd253926
SHA1

1c93c582da50939fb1cd19a71a9fa6de622f2d8c
SHA256

d9fccbed3f0ed3f14b0c522d088a630e118e7da9294d9f7d2c2ea5102ffa8cd8
SHA512

ab38434d0b3a885d892ee8bc5edfc2114e6a5e214aa3763783b9d5ed463605d51337f75cec081366441d0fdf0338b239079f530160af3ddf25ed76796e880b0c
SSDEEP

3072:MvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:M206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3996	5112	rundll32.exe	83
PID 5112 wrote to memory of 3996	5112	rundll32.exe	83
PID 5112 wrote to memory of 3996	5112	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d50814f570cce66b3de369bbd253926_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d50814f570cce66b3de369bbd253926_JaffaCakes118.dll,#1
  2⤵
  PID:3996