10f61feb2a256b33d3151e02768536ebe45bd27218e3437d4cb8348162e61cd7

Analysis

max time kernel
122s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 12:57

Target

f38a15e588cdfafaeaf320750abcffb6_JaffaCakes118.dll
Size

1.6MB
MD5

f38a15e588cdfafaeaf320750abcffb6
SHA1

48d0630d973f36bab7db78a54cafcb25bf5fb77e
SHA256

10f61feb2a256b33d3151e02768536ebe45bd27218e3437d4cb8348162e61cd7
SHA512

7c57cda7d825663e25af67ef9386cfcb6e6d857c9ca35056761156e3733ba1672ba685cfcab98d44755de6d6c1708492e9888d8a030400d5fde22667df6b0966
SSDEEP

24576:id0kwIWgbu+pS0+M3tb0pvaep5Z+dXV73llsQUfIKKuZAP2BgODyQMFTujKY3hF:IWgbu/0J3tCieD0HT/sQxKbxkQMFTu/T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4052	3068	rundll32.exe	89
PID 3068 wrote to memory of 4052	3068	rundll32.exe	89
PID 3068 wrote to memory of 4052	3068	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f38a15e588cdfafaeaf320750abcffb6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f38a15e588cdfafaeaf320750abcffb6_JaffaCakes118.dll,#1
  2⤵
  PID:4052