0f552cf8c7eff68bd9cf4b07dcd3e2bca07d38c5f11d2347fce2f66526030d6c

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 13:39

Target

466f45115feb9058a4843bba52f40275_JaffaCakes118.dll
Size

1.1MB
MD5

466f45115feb9058a4843bba52f40275
SHA1

0a75f49f9db27fa66378643a9dfdddf10e442755
SHA256

0f552cf8c7eff68bd9cf4b07dcd3e2bca07d38c5f11d2347fce2f66526030d6c
SHA512

44b34b4cfe90341b19156c9979526104f19fd9902579c892ab3db03853a523c4e5032c65e296370012c5bdfcf37fa4dde48c07cf855fd5a136ca2a4e95ccbb0b
SSDEEP

24576:bSJOWurenCMS4GGQFPJkDPJVqsOsTiNGYWMzY5lGU2gUmq/qX5P0:RW3wHUdjikNMzaGQUwM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1472 wrote to memory of 1752	1472	rundll32.exe	rundll32.exe
PID 1472 wrote to memory of 1752	1472	rundll32.exe	rundll32.exe
PID 1472 wrote to memory of 1752	1472	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\466f45115feb9058a4843bba52f40275_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\466f45115feb9058a4843bba52f40275_JaffaCakes118.dll,#1
  2⤵
  PID:1752