2e1a0f51dbd14ec53075a5d3710d771ecd8f67ce7b5959719edfcc6f695369d9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 20:47

Target

f1e44e23849a2da10fc78efca0d615e4_JaffaCakes118.dll
Size

208KB
MD5

f1e44e23849a2da10fc78efca0d615e4
SHA1

adc89fdf7e1764a023d8a04507632c1953e51ccf
SHA256

2e1a0f51dbd14ec53075a5d3710d771ecd8f67ce7b5959719edfcc6f695369d9
SHA512

5432ad54fc521f3cdd52ab8cf316aeabfef1ad0a94b1d87086ce10f8a09dda085e68eb2a3bf9827a2b4d359031ced84abad93ea104f152de0867a9e332982ce7
SSDEEP

6144:0QXmbg+jVMP4qkCi5CAz02LZcAc+w0o/ZIDw:0wegkE/k40BLZc57z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3368	2152	rundll32.exe	84
PID 2152 wrote to memory of 3368	2152	rundll32.exe	84
PID 2152 wrote to memory of 3368	2152	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1e44e23849a2da10fc78efca0d615e4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1e44e23849a2da10fc78efca0d615e4_JaffaCakes118.dll,#1
  2⤵
  PID:3368