453de77ffdbcc3cef272580f701cc298d9fd4d322eabdaf2e39ba44f6493a3a6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 23:44

Target

fb6eca552b88eaaffb2ddbb9162c8838_JaffaCakes118.dll
Size

742KB
MD5

fb6eca552b88eaaffb2ddbb9162c8838
SHA1

b881a69fe9f05546c518403188857f6977c8cc36
SHA256

453de77ffdbcc3cef272580f701cc298d9fd4d322eabdaf2e39ba44f6493a3a6
SHA512

849526c97d40da8f097e0e05bc7e46a8b0c6cd2093e2b7d2ee92ad09e573d8366bfd2c2521beb47265e0d5c08f5701d465221288b13c1356c87574ba4fe14c62
SSDEEP

12288:mgeM8lwgL9qUKLa6BWtHZetJ1AgKRoATFRUPzXTwnK1cQ47gKckpPWUGQVurP6l4:te51LwUKz/zYN33gPFql1N/h8

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
136	3484	rundll32.exe
161	3484	rundll32.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3484	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 3484	2024	rundll32.exe	84
PID 2024 wrote to memory of 3484	2024	rundll32.exe	84
PID 2024 wrote to memory of 3484	2024	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6eca552b88eaaffb2ddbb9162c8838_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb6eca552b88eaaffb2ddbb9162c8838_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: RenamesItself
  PID:3484