16f48c28aef3603a350200ef772550a9a9e527a698084b464dcebef35efb7870

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 20:05

Target

21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118.dll
Size

1.0MB
MD5

21868ce1d5e8d29acf4a3843b2170249
SHA1

1c0c13949cc62d0e403464a0716d4ae5956b1d94
SHA256

16f48c28aef3603a350200ef772550a9a9e527a698084b464dcebef35efb7870
SHA512

c149885e42ebff8fee1dd5fbc558599e8dcaa67c979e666aabfb875abe2d5abce5c14f94ff8100165d390c9dfbf9697c316676c68645b8b2d94076548886b2c1
SSDEEP

24576:93xSzLWZ1hOjhp4nmL053nfy8W+nh/D/FICq:tsm1h04K8W6ppq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 816 wrote to memory of 4860	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 4860	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 4860	816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21868ce1d5e8d29acf4a3843b2170249_JaffaCakes118.dll,#1
2⤵
PID:4860