d53422c51fd3e0e72fafb55d2f3778e269f4d4a3c42804bcde07292d05db12c1

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 04:42

Target

662e48bfebb161e3f084ffa7e74360d9_JaffaCakes118.dll
Size

63KB
MD5

662e48bfebb161e3f084ffa7e74360d9
SHA1

043c844a23e4f3e78308168b817ab30fc0f9291a
SHA256

d53422c51fd3e0e72fafb55d2f3778e269f4d4a3c42804bcde07292d05db12c1
SHA512

6025006a54f7e26e033be2d832549616c983bd2433de455585c40632679d0ae2a56ae1011c1489c6ac5d3e6f8ddea7510f96ace9534aaa74fdd3d9f5b489fbbc
SSDEEP

768:xdOx2e7xoo7So9ySoJPBIB1aZr0vyLjoDf4RPPvDbPPhf56edDDfLrzAuSXjL7Xf:xdQoiv9eJpYGy4R31eqeKCv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 1192	4924	rundll32.exe	83
PID 4924 wrote to memory of 1192	4924	rundll32.exe	83
PID 4924 wrote to memory of 1192	4924	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\662e48bfebb161e3f084ffa7e74360d9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\662e48bfebb161e3f084ffa7e74360d9_JaffaCakes118.dll,#1
  2⤵
  PID:1192