8f7760e23f95888a0c2258d1d046830ea6ce6adc076d106a4bda680f189ee53f

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 15:31

Target

63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll
Size

34KB
MD5

63bf67eb96e29102e5ca3c7e8195f614
SHA1

d1debf02a0cd556e03861befd33f8592c0e4e066
SHA256

8f7760e23f95888a0c2258d1d046830ea6ce6adc076d106a4bda680f189ee53f
SHA512

d784ded06695823bad2921cf1c20bfffd62c277f38d97416f417dd7ddc8dcfa8903f17c51d6166dd44fdd5d756724953908e2601964ed85e035fdd3ab63a7f5f
SSDEEP

768:nQmMc71Y7nda7FHTk12m3/W738HYKoOqhnPLRB1y9:QmMc7AWa12me738HypTRHy9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 2536	1616	rundll32.exe	84
PID 1616 wrote to memory of 2536	1616	rundll32.exe	84
PID 1616 wrote to memory of 2536	1616	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\63bf67eb96e29102e5ca3c7e8195f614_JaffaCakes118.dll,#1
  2⤵
  PID:2536