a43e0392c65e8a551534771046181d251c59dec423566e12a4c2177d637703da

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 21:49

Target

4d2cda76ed8d45607125e6fb33ef802e_JaffaCakes118.dll
Size

154KB
MD5

4d2cda76ed8d45607125e6fb33ef802e
SHA1

99f3dc91973377bb099ae1d0e4af5402e387cd85
SHA256

a43e0392c65e8a551534771046181d251c59dec423566e12a4c2177d637703da
SHA512

fb9bac4eaa9c114ecc8d63aa31d8377817328ccaf970b85220d3036306f9e96f2010071f0be68fbad0aedfcd285c24e0d489754a1286c0595dfd353f53b0669e
SSDEEP

3072:StRY6QhWpzr9FQyO51x229I+UnHjHFXpqtlHGLKrrmHY+3NU7A:dAFExP9I+wjHFXoDGLGrmHp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 424 wrote to memory of 2808	424	rundll32.exe	82
PID 424 wrote to memory of 2808	424	rundll32.exe	82
PID 424 wrote to memory of 2808	424	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d2cda76ed8d45607125e6fb33ef802e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d2cda76ed8d45607125e6fb33ef802e_JaffaCakes118.dll,#1
  2⤵
  PID:2808