058aad0efd6dc2973061d272552a42013916283c9756f2bbca4c4225c94d6b89

Analysis

max time kernel
140s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:26

Target

62b078b46180bcbf42ddfad7a02576c3_JaffaCakes118.dll
Size

73KB
MD5

62b078b46180bcbf42ddfad7a02576c3
SHA1

eb19f943581c563f191ea1ddae30339aaa6b518a
SHA256

058aad0efd6dc2973061d272552a42013916283c9756f2bbca4c4225c94d6b89
SHA512

8bbac888a13e28d4ef77fc5247666544225cfccf89171b1a0a6346b01e52e0d248ddb37e61f2feae2309b5a8b289ea7d59731bd38af6ffc439d73b3fca774a5f
SSDEEP

1536:mV3cVsrbxdE8ljshB76x/6AYZLXf+4W+N8krvZ/st/54:U3rbxdE8lJ/ALP+9+iMvBsk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 4132	3416	rundll32.exe	84
PID 3416 wrote to memory of 4132	3416	rundll32.exe	84
PID 3416 wrote to memory of 4132	3416	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b078b46180bcbf42ddfad7a02576c3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b078b46180bcbf42ddfad7a02576c3_JaffaCakes118.dll,#1
  2⤵
  PID:4132