b572c9636c4dc8aec7ae250fa5953409ac386b9856fb0150f8e2b4c7bc9a698f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 12:46

Target

5c00d045ca42ad22f55dc950ca7de981_JaffaCakes118.dll
Size

32KB
MD5

5c00d045ca42ad22f55dc950ca7de981
SHA1

4d272cc1a4f4793c74a7a1652cc6cdd449d8a2ad
SHA256

b572c9636c4dc8aec7ae250fa5953409ac386b9856fb0150f8e2b4c7bc9a698f
SHA512

d9f51fccad4c7a838e119dddf70f9b44d774ba01d9c765036e79bf3d4c2488a8e642397d2a7c9387b7f7a6522cb69a5d0345cc7b7818edc07489755cad503da4
SSDEEP

768:yZ2I7fc/zqbCP7yvVeiEZlhCDilRbBWbte:y0Iw/zqA7QVeiEr8OlRbBWbte

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 2596	3180	rundll32.exe	84
PID 3180 wrote to memory of 2596	3180	rundll32.exe	84
PID 3180 wrote to memory of 2596	3180	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c00d045ca42ad22f55dc950ca7de981_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c00d045ca42ad22f55dc950ca7de981_JaffaCakes118.dll,#1
  2⤵
  PID:2596