f54f561e8e4426812aaefaecd0473fe2bd93895960d5e4b38962eaeb2fc1b467

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 05:18

Target

dc323cc904b122d5503cfcd10fb60108_JaffaCakes118.dll
Size

732KB
MD5

dc323cc904b122d5503cfcd10fb60108
SHA1

22b53050094d100d3044cffe18b66b6baac33736
SHA256

f54f561e8e4426812aaefaecd0473fe2bd93895960d5e4b38962eaeb2fc1b467
SHA512

91d916084289bb791754eccb0df0c9db7e72e3abb5962ffe7cd5c3ca2bcc3943a5ecde0ed0dca6777be6f930e8d6143e62e1578959ad5149d7ff9e5b59c74d12
SSDEEP

12288:NZjNvj+LauW4mZjNvj+LauW4sZjNvj+LauW4:Pdj+ydj+Mdj+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2776	4840	rundll32.exe	85
PID 4840 wrote to memory of 2776	4840	rundll32.exe	85
PID 4840 wrote to memory of 2776	4840	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc323cc904b122d5503cfcd10fb60108_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc323cc904b122d5503cfcd10fb60108_JaffaCakes118.dll,#1
  2⤵
  PID:2776