b4d9d532c621dbe1ba96e0028eb50ad9389ce790b8fee816664b51a0694c64cc

Analysis

max time kernel
135s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 14:47

Target

1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll
Size

340KB
MD5

1fb284dc231f874b6ea675b7edbd4d0b
SHA1

87916d61e10b6ed2970502ad16be1c4f9a325ccf
SHA256

b4d9d532c621dbe1ba96e0028eb50ad9389ce790b8fee816664b51a0694c64cc
SHA512

2d951128146c96249b4118cd8fc641219da670f7a49dd4a075af9df8b3cf5976918104082327eeb0f6fda3b60b56975aa3139595ddceed6fa58376853cce68f5
SSDEEP

3072:XvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:X206xWgGxLxWN40PDKR/JnXya

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3040 wrote to memory of 4912	3040	rundll32.exe	rundll32.exe
PID 3040 wrote to memory of 4912	3040	rundll32.exe	rundll32.exe
PID 3040 wrote to memory of 4912	3040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1fb284dc231f874b6ea675b7edbd4d0b_JaffaCakes118.dll,#1
2⤵
PID:4912