55aae18b1307eb6bb648cb7f2ed553e724b989bf96b8bcc3503fbb6753a7601c

Analysis

max time kernel
84s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 06:36

Target

f07d32b2b0b38f63d6dd2c37cc9bb936_JaffaCakes118.dll
Size

220KB
MD5

f07d32b2b0b38f63d6dd2c37cc9bb936
SHA1

56fd6fd6e906d5f3477f79b9ef0b8c044fe1aab7
SHA256

55aae18b1307eb6bb648cb7f2ed553e724b989bf96b8bcc3503fbb6753a7601c
SHA512

19e394337769eac100b0fd314f23a891fe8e3e94158d5312919ed1ec4f7673901677fb539069fd04902c242fa37810ff494d7021b2992cb40373b6920290cfb4
SSDEEP

6144:wxToSeUp63V5JAyJnAKaQ6aD2TWJVIjdrTBYsVIsY/H/:J+6F5JAylD+W85rTRqsG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 864	3084	rundll32.exe	88
PID 3084 wrote to memory of 864	3084	rundll32.exe	88
PID 3084 wrote to memory of 864	3084	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f07d32b2b0b38f63d6dd2c37cc9bb936_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f07d32b2b0b38f63d6dd2c37cc9bb936_JaffaCakes118.dll,#1
  2⤵
  PID:864