143e8a2db015b839049c6f7f5ba25b5604999f357516b508cd66aab7fd6499d4

Analysis

max time kernel
133s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 02:43

Target

159e9cbb140d2f11fe4942b5f44eaa27_JaffaCakes118.dll
Size

1.0MB
MD5

159e9cbb140d2f11fe4942b5f44eaa27
SHA1

f8d0a085aec5f344d9745ff5ff4a6e00dace999c
SHA256

143e8a2db015b839049c6f7f5ba25b5604999f357516b508cd66aab7fd6499d4
SHA512

003e344315a92955bd819fad06d98f3a039216a2cedc82a558c60e03c7ee14936e4e788c5fbdc8c813b7b5eaf04193cc8ec87c17c07c2602a4068830d7719240
SSDEEP

24576:qiSnZyxK/fWqet9g4e2K4EWbSXpaXv64S16srQQjb:BnE/f+PKObSSurP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 752 wrote to memory of 4676	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 4676	752	rundll32.exe	rundll32.exe
PID 752 wrote to memory of 4676	752	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\159e9cbb140d2f11fe4942b5f44eaa27_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:752

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\159e9cbb140d2f11fe4942b5f44eaa27_JaffaCakes118.dll,#1
2⤵
PID:4676