87dbd4994c18e910d8b45e460f7656ec9d9dc676211ce33241c5a77a537c5b4e

Analysis

max time kernel
140s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 23:57

Target

004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll
Size

340KB
MD5

004ecb4bdce738be851e4fca7a06e477
SHA1

242cc6b966419211f40ddc14e55b6a1a42a96f9d
SHA256

87dbd4994c18e910d8b45e460f7656ec9d9dc676211ce33241c5a77a537c5b4e
SHA512

dd18f568d7f1a2df8ab5e099d8c39ce0ce49940bf03cd76b2491f32e8bf5c9e545b94c6a3dab9c8bcbfdc12b8de8a0e0752b21b2298c400f6908939036c10793
SSDEEP

3072:zvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:z206xWgGxLxWN40PDKR/JnXya

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 532 wrote to memory of 1972	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 1972	532	rundll32.exe	rundll32.exe
PID 532 wrote to memory of 1972	532	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:532

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\004ecb4bdce738be851e4fca7a06e477_JaffaCakes118.dll,#1
2⤵
PID:1972