52321edc0c5a3fcb824d591c730e7783194ec5e1c0f617b40ffe760a876924eb

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 19:05

Target

0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll
Size

167KB
MD5

0c9bef0496980f1304a14e3fa7737146
SHA1

4a40d0bbe792271c0911c09c5cdd577d7e38a399
SHA256

52321edc0c5a3fcb824d591c730e7783194ec5e1c0f617b40ffe760a876924eb
SHA512

a910b0db163f6cec3914096b3b5a05503a3e92cec82fe60e900157a173bdc154c7376bb229b01612b05eb084427ea3820291d66714b00fd9bec7098972aef916
SSDEEP

3072:WAOoSg75OpGZlF9HX2okHlmzCSkiNi1ai2SHs1XveZCU:WAOoDMpGZz9GuCEkavSH2eZ7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4388 wrote to memory of 3704	4388	rundll32.exe	rundll32.exe
PID 4388 wrote to memory of 3704	4388	rundll32.exe	rundll32.exe
PID 4388 wrote to memory of 3704	4388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c9bef0496980f1304a14e3fa7737146_JaffaCakes118.dll,#1
2⤵
PID:3704