21a578c9e541ae3c77ffb7371314acadec07a7abcefd664f4ea267cc23a5c01d

Analysis

max time kernel
91s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 17:03

Target

f867f749aca69b83fec17f12b4e3ac11_JaffaCakes118.dll
Size

1.1MB
MD5

f867f749aca69b83fec17f12b4e3ac11
SHA1

3c9d32718ba0420aa3126c2d31c338180ba4d478
SHA256

21a578c9e541ae3c77ffb7371314acadec07a7abcefd664f4ea267cc23a5c01d
SHA512

1abd81236d3aec6e89dacf158e0d08bf5114cd205b53ef34640afca72bdd93fba0941a3985d2ffd6bd4ee5c2bd611236e194e2e5fa6535bc21c2b37c7003553a
SSDEEP

24576:rm1g9dcmpttV8Xez2vlGkQu+pS0+M3tb0pvaep5ZtPuu4L:cg9dRpMez2vlGBu/0J3tCieDML

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 4340	2772	rundll32.exe	88
PID 2772 wrote to memory of 4340	2772	rundll32.exe	88
PID 2772 wrote to memory of 4340	2772	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f867f749aca69b83fec17f12b4e3ac11_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f867f749aca69b83fec17f12b4e3ac11_JaffaCakes118.dll,#1
  2⤵
  PID:4340