e6965cd988c71890f4568e97e0ff4ee03d055df957807d598613dc13acabf3c3

Analysis

max time kernel
138s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 20:19

Target

64a8ec8c603ca1a6eb4d020c28a37353_JaffaCakes118.dll
Size

36KB
MD5

64a8ec8c603ca1a6eb4d020c28a37353
SHA1

09e95a4da090ecc48aa34461d0baf00a1b01d156
SHA256

e6965cd988c71890f4568e97e0ff4ee03d055df957807d598613dc13acabf3c3
SHA512

1902ba003258bfa12475b7402a40fbe000ea148a523fad71f87705d9fe6a723400af83f43fed4a4c5047368532fe2f433280f7ea93f01b9235a6cf2e0b917c7b
SSDEEP

768:5T1BNCkK5gVGxlaZql9J1oT1cIg7/fO3+a5hCDKR4plx85/t:hnNCl5X/J12y5736+4QWR4pzUV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 424 wrote to memory of 2576	424	rundll32.exe	84
PID 424 wrote to memory of 2576	424	rundll32.exe	84
PID 424 wrote to memory of 2576	424	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64a8ec8c603ca1a6eb4d020c28a37353_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64a8ec8c603ca1a6eb4d020c28a37353_JaffaCakes118.dll,#1
  2⤵
  PID:2576