5c9b8f7a683fc3b8b8d6986b0df9f9d6b0bbc2e80a8de64ace28eed9f7ecf452

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 06:53

Target

de1f671eda3324db99fc3f1ae90b6620_JaffaCakes118.dll
Size

4.0MB
MD5

de1f671eda3324db99fc3f1ae90b6620
SHA1

af5f67a406e997d1f1ab2234d294c77d63eedb85
SHA256

5c9b8f7a683fc3b8b8d6986b0df9f9d6b0bbc2e80a8de64ace28eed9f7ecf452
SHA512

62946fe9fb3223c658cd6fc2343d4a7310543abee84bcfb6965bdb453531a89e92fe023fc643317f561dc7f103eb653435e16e822feeda8a004dd4dddb4255f2
SSDEEP

98304:8566l2u45UNYFrkvz29kdJWk566l2u45UNYFrkvz29kdJW:06w2u45UNSwvz1JWM6w2u45UNSwvz1JW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3632 wrote to memory of 424	3632	rundll32.exe	84
PID 3632 wrote to memory of 424	3632	rundll32.exe	84
PID 3632 wrote to memory of 424	3632	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de1f671eda3324db99fc3f1ae90b6620_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de1f671eda3324db99fc3f1ae90b6620_JaffaCakes118.dll,#1
  2⤵
  PID:424