06fd2ee1d0157279ca929e205d74ff68e2b66446e24e11615b73fd4969ac1b97

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 00:26

Target

276dcfa5d18b84e959161e03f475ed28_JaffaCakes118.dll
Size

1.2MB
MD5

276dcfa5d18b84e959161e03f475ed28
SHA1

267926f2d1bcbd06428dca411329f73f52c51e34
SHA256

06fd2ee1d0157279ca929e205d74ff68e2b66446e24e11615b73fd4969ac1b97
SHA512

da7e1cdec732827d3a5afa4edafb1717617ce6f3fee875730322e05761be15a410117ad6c5c0e7a90731b7709cdd85316caa3472fe8be0c842f1e719337b6a11
SSDEEP

24576:JTbGEVij4Chm/jeZCRLWlgYK9KajXNkSfA2VNdJgVia/665ClgFkU0S:0E/e6Tf9KajXNkSf1VNdjqCqFcS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 760 wrote to memory of 4492	760	rundll32.exe	rundll32.exe
PID 760 wrote to memory of 4492	760	rundll32.exe	rundll32.exe
PID 760 wrote to memory of 4492	760	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\276dcfa5d18b84e959161e03f475ed28_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\276dcfa5d18b84e959161e03f475ed28_JaffaCakes118.dll,#1
2⤵
PID:4492