0644fdad94448272e0eee2348953bf5faadf12d8692f4dbdcc402234bbaa944e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 01:36

Target

37919e9850a08e63770138d5ab79f845_JaffaCakes118.dll
Size

508KB
MD5

37919e9850a08e63770138d5ab79f845
SHA1

b9a4a6986688ef415cee51d6b2bd883ac151c94f
SHA256

0644fdad94448272e0eee2348953bf5faadf12d8692f4dbdcc402234bbaa944e
SHA512

2b4c095389baa906f3f160f3e8105a71523099bc481469c01ffd0fe83c0751c40c56dbee23224cd319c4d959d5f372faa005632862eabc9c28b870331e7b3ac5
SSDEEP

12288:0BjZqL9hDvCnWmKGu14RWPJ96/ISVotRPNn:06CWmGPJM/ISON

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 4092	5064	rundll32.exe	82
PID 5064 wrote to memory of 4092	5064	rundll32.exe	82
PID 5064 wrote to memory of 4092	5064	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37919e9850a08e63770138d5ab79f845_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37919e9850a08e63770138d5ab79f845_JaffaCakes118.dll,#1
  2⤵
  PID:4092