5009deb8788132352f601bb3b2d254bdbf84fca52e260e55edb5d05a8d789c41

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 03:16

Target

147aa31e67b80c6f184ec06ae5d2162a_JaffaCakes118.dll
Size

346KB
MD5

147aa31e67b80c6f184ec06ae5d2162a
SHA1

7f170e58fbfdeea7c48592daf78c979c75e2d16c
SHA256

5009deb8788132352f601bb3b2d254bdbf84fca52e260e55edb5d05a8d789c41
SHA512

0aa998ab2d74b4427e59d6c77b246a6bbde586ff84c616c513005283bfe75277c2c8efe5ca3275885f6892e758d13d18c945592701544a267c7e87a5debf3336
SSDEEP

3072:u82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:92L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4544 wrote to memory of 320	4544	rundll32.exe	rundll32.exe
PID 4544 wrote to memory of 320	4544	rundll32.exe	rundll32.exe
PID 4544 wrote to memory of 320	4544	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\147aa31e67b80c6f184ec06ae5d2162a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4544

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\147aa31e67b80c6f184ec06ae5d2162a_JaffaCakes118.dll,#1
2⤵
PID:320