0d0b317420112ffb30b880697436d9faea206010630eefd99b7dbda504cf5899

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 09:15

Target

62a81161d36c88834b0742261ff32a74_JaffaCakes118.dll
Size

340KB
MD5

62a81161d36c88834b0742261ff32a74
SHA1

505042ae9dfa02c962471d2b464c9a08f40ed366
SHA256

0d0b317420112ffb30b880697436d9faea206010630eefd99b7dbda504cf5899
SHA512

f796182f595531ff8aba3aad385edceb59a8f0b3b9eb84bb42bd6615d362103ba5e9f80c7f031b66f292f47f749b6124c5ef551b0c3ecde90853df23d3350fa8
SSDEEP

3072:qvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:q206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 752	4624	rundll32.exe	84
PID 4624 wrote to memory of 752	4624	rundll32.exe	84
PID 4624 wrote to memory of 752	4624	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62a81161d36c88834b0742261ff32a74_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62a81161d36c88834b0742261ff32a74_JaffaCakes118.dll,#1
  2⤵
  PID:752