f7335e28e0b64c1e057723888130e5721bfa117a0b3d38410d25e0d648398330

Analysis

max time kernel
137s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 20:24

Target

0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll
Size

346KB
MD5

0aad9d4e2b506e4e2db5e20d10c99511
SHA1

e30febe5d3911fbd03a0d036b673f6457f3bb5e7
SHA256

f7335e28e0b64c1e057723888130e5721bfa117a0b3d38410d25e0d648398330
SHA512

366147474e56ec4c2384c5d82a7946599b5ac0418eacc0d3f5c073a402ce2caa24820e1f5b702b2d2c4b0d8e83276e38ff91f0f7e93b6185a94cf17c456002ee
SSDEEP

3072:V82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:u2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3860 wrote to memory of 4736	3860	rundll32.exe	rundll32.exe
PID 3860 wrote to memory of 4736	3860	rundll32.exe	rundll32.exe
PID 3860 wrote to memory of 4736	3860	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3860

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0aad9d4e2b506e4e2db5e20d10c99511_JaffaCakes118.dll,#1
2⤵
PID:4736