889d19544f9edaba2cd1fec953763c83209e3c5d5249baf74724c5d7211458e6

Analysis

max time kernel
129s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 03:34

Target

20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll
Size

346KB
MD5

20f1843ca024a6ebc701ba49ae839a54
SHA1

50105efdca0e3f2b2fe12dc496382b8a5d66da5a
SHA256

889d19544f9edaba2cd1fec953763c83209e3c5d5249baf74724c5d7211458e6
SHA512

d9838c3211e385129820c1f9e38cd6b219d6e891dc559bcfc37169b5e08be09531d099064fa8882960d1ceb5da00c2de5ec8e1dc4823d622b4a4615f0f569124
SSDEEP

3072:q82jpiC2JG7HZb7XWQml/jz8A4diTE90Q6kF4CKAYRxvM:x2L7HN7Kl/jLA90QECrYR5M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4004 wrote to memory of 1508	4004	rundll32.exe	rundll32.exe
PID 4004 wrote to memory of 1508	4004	rundll32.exe	rundll32.exe
PID 4004 wrote to memory of 1508	4004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20f1843ca024a6ebc701ba49ae839a54_JaffaCakes118.dll,#1
2⤵
PID:1508