21cbe3fa06f102da4c558cc7863c496418be3459f30b4f34c024d8081aa1184a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 16:09

Target

356d001389ba3600284ec47f9060da8c_JaffaCakes118.dll
Size

840KB
MD5

356d001389ba3600284ec47f9060da8c
SHA1

7135df03c1eab6a1a1e73c944d3f035bed197bfe
SHA256

21cbe3fa06f102da4c558cc7863c496418be3459f30b4f34c024d8081aa1184a
SHA512

1662603e523ceec4ae961509c82a55cfd23bdc037794e9baa8dd92fd688ca2626b46861fc7897cc717c7d342182deb6691060ebc60062c145f62ff012496fa8c
SSDEEP

12288:5IYrCUqdG0k8iQVTtLRFljs3KrUbUcBGOIg9YYB3wZt15wNzSLNtRswy86:5IrTG0k8bVJL/DirIE3wZt/wNzwb6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 1180	1520	rundll32.exe	81
PID 1520 wrote to memory of 1180	1520	rundll32.exe	81
PID 1520 wrote to memory of 1180	1520	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\356d001389ba3600284ec47f9060da8c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\356d001389ba3600284ec47f9060da8c_JaffaCakes118.dll,#1
  2⤵
  PID:1180