98c4b9e9a1b20b69ba8dbda44199960f5037b7bc717158e6e9d05acdeb9424fe

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 12:46

Target

1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll
Size

346KB
MD5

1f5e029b51fdd9e223116ba34e25d1ee
SHA1

7be734a9e347df4397139f8f6f525ec7922428ca
SHA256

98c4b9e9a1b20b69ba8dbda44199960f5037b7bc717158e6e9d05acdeb9424fe
SHA512

85223132747799a41c481df48f6d05f9a4437a080723a74c57c67227f4c3f38767cd7edae3ba7a03373e39535f6cb16c883b41fb0765a3bfe0b22ae98b273835
SSDEEP

3072:e82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRkcj:t2L7HN7Kl/jLA90QECrYRpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 668 wrote to memory of 4596	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 4596	668	rundll32.exe	rundll32.exe
PID 668 wrote to memory of 4596	668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1f5e029b51fdd9e223116ba34e25d1ee_JaffaCakes118.dll,#1
2⤵
PID:4596