2eda97c03c7d80a9fcab10c2aef6f5e99486b52f17a07b2b973ea35e95765270

Analysis

max time kernel
141s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 18:55

Target

5d3cd5fdd26d3f8b79acaeee08685c2a_JaffaCakes118.dll
Size

5KB
MD5

5d3cd5fdd26d3f8b79acaeee08685c2a
SHA1

41ee1ca3af24a305a8e42b2a862a63067e377bfd
SHA256

2eda97c03c7d80a9fcab10c2aef6f5e99486b52f17a07b2b973ea35e95765270
SHA512

5b361fceed72c23133b7f72ea56f27e6f91032d993b11e2e3909c6df7172b48775ee0dad2aca5c0c2d562d82b41c77c0c4eceeaa4ad7d2a6e524aaa285a26d9d
SSDEEP

48:6JbPqA2+aKcL77X7S7MLSOlVfiwKHOo5fHYZGJQBjTDyni1ebU9Ul86Y41ulca3Z:MPqARpwKuoWzLTKK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 828	1136	rundll32.exe	84
PID 1136 wrote to memory of 828	1136	rundll32.exe	84
PID 1136 wrote to memory of 828	1136	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d3cd5fdd26d3f8b79acaeee08685c2a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d3cd5fdd26d3f8b79acaeee08685c2a_JaffaCakes118.dll,#1
  2⤵
  PID:828