7f775bccaaa3846ab2cb3ae09856335d6f3a0906afa9afec219d6f397020d487

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 04:54

Target

f2bbfaef9902bd3f1a80e9d927ad5a4e_JaffaCakes118.dll
Size

107KB
MD5

f2bbfaef9902bd3f1a80e9d927ad5a4e
SHA1

be4cb532887d19653a9b2e42e3feafcd03e54fe2
SHA256

7f775bccaaa3846ab2cb3ae09856335d6f3a0906afa9afec219d6f397020d487
SHA512

07d0d150548f5eb4a4eb8d520c26214fc976b5fed88d9f8aeb8e386e908f9e21106e54fce7c5a428b8948653d49eda737f8ab840201762d719c7f327e98a6649
SSDEEP

1536:fLEHbvjIbWQtAeq47Y2oUwzvf4pwB6G99NfKa8S5A9Bu64M:A706QtUkLwttKBS5A9Bu64M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3148 wrote to memory of 3588	3148	rundll32.exe	83
PID 3148 wrote to memory of 3588	3148	rundll32.exe	83
PID 3148 wrote to memory of 3588	3148	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2bbfaef9902bd3f1a80e9d927ad5a4e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2bbfaef9902bd3f1a80e9d927ad5a4e_JaffaCakes118.dll,#1
  2⤵
  PID:3588