90e9f0cf7b8ba1e9249ab72937b076c95298198d1f8637b4d2ac95348634a839

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 06:30

Target

f9b4dbcc9ae594b0fd7c4da4a7799105_JaffaCakes118.dll
Size

537KB
MD5

f9b4dbcc9ae594b0fd7c4da4a7799105
SHA1

c7c9fe7ce4cafb55435851b20b73661c28c12f55
SHA256

90e9f0cf7b8ba1e9249ab72937b076c95298198d1f8637b4d2ac95348634a839
SHA512

508fec3d0d544392ab1cb150b98b5f0283f48800a712c0430f848bbe2f325bb9fd5e69535afe159751ffa9569c6eb297bc777184b6f0ce951948eb7d66ddaeaf
SSDEEP

12288:y1C+xGhGjKNpNXcFA8cmqD+FF4FmOdpDkhDmMnl+iwCxJ:y1C+X+rGczJmOLb8X

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2384	1960	rundll32.exe	82
PID 1960 wrote to memory of 2384	1960	rundll32.exe	82
PID 1960 wrote to memory of 2384	1960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b4dbcc9ae594b0fd7c4da4a7799105_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9b4dbcc9ae594b0fd7c4da4a7799105_JaffaCakes118.dll,#1
  2⤵
  PID:2384