158dedb0d0ff01bf9e3a03ee6696503b7b59292aee3b78a2b1c65cea9035fa23

Analysis

max time kernel
93s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 13:10

Target

24fce6956c37b1bbaf263d521f797040_JaffaCakes118.dll
Size

1.1MB
MD5

24fce6956c37b1bbaf263d521f797040
SHA1

74f881301a31ceabde9ff6705b5ab84e5b96fbd0
SHA256

158dedb0d0ff01bf9e3a03ee6696503b7b59292aee3b78a2b1c65cea9035fa23
SHA512

e032368b2754353d0ecdf099e2590920e8692ac0e2d178fbf999db2569fc6e99d9f3dcedb25c7ed774d901f1eeb83ff43c9b0be218ae384714b457303b56427f
SSDEEP

24576:7yw6WTDBsFoIDzCyRMQ9qqRHpVLk8e+NDznspOgI:uWHqaIH/RM0T/ND7MC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2996 wrote to memory of 2952	2996	rundll32.exe	rundll32.exe
PID 2996 wrote to memory of 2952	2996	rundll32.exe	rundll32.exe
PID 2996 wrote to memory of 2952	2996	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24fce6956c37b1bbaf263d521f797040_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2996

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24fce6956c37b1bbaf263d521f797040_JaffaCakes118.dll,#1
2⤵
PID:2952