bd34c8639eb4765ead3d6d0c159351ea0aa2893000c85db2aad98b2cd46fa40b

Analysis

max time kernel
147s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04/04/2024, 17:23

Target

be47b6328606d05560af2fa0f2e2d2f0_JaffaCakes118.dll
Size

8.4MB
MD5

be47b6328606d05560af2fa0f2e2d2f0
SHA1

1fbb969234fe2517324e1b7d52f24dfb5329a9d4
SHA256

bd34c8639eb4765ead3d6d0c159351ea0aa2893000c85db2aad98b2cd46fa40b
SHA512

e97c88c08114f6f24f44137a3ca5f3c1f4cfaaf2e159e259979fb99c44f108561cf85ff35a077e86b2bffb8fed307b80a8f17a36734eccc00199dfc54994eefc
SSDEEP

196608:0PFq/nBBJw9668udHlY5FLOyomFHKnPokPFq/nBBJw9668udHlY5FLOyomFHKnPo:08J68rFC8J68rF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 4728	3168	rundll32.exe	84
PID 3168 wrote to memory of 4728	3168	rundll32.exe	84
PID 3168 wrote to memory of 4728	3168	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be47b6328606d05560af2fa0f2e2d2f0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be47b6328606d05560af2fa0f2e2d2f0_JaffaCakes118.dll,#1
  2⤵
  PID:4728