13f287cfaf3bb2a20a09bb9f3f8e7f8118667958d3c072d0cb25693a5357c6b3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 03:22

Target

4e36777b95c438ba79b98bebd8538c0d_JaffaCakes118.dll
Size

1.0MB
MD5

4e36777b95c438ba79b98bebd8538c0d
SHA1

a8a1ded41bd6e32b937fe6aabc428c1d7eabd458
SHA256

13f287cfaf3bb2a20a09bb9f3f8e7f8118667958d3c072d0cb25693a5357c6b3
SHA512

94a2a6f52bb5813e4cab756db0131eddf2d12a667d6d12d23cd5870aa4b2822695db8be3a4e6dff09de89347f79de75364ecf1ac39077b0272b9985d08784a18
SSDEEP

24576:vbywomQZgJYs2u+pS0+M3tb0pvaep5ZGQ7rJ:eplgqZu/0J3tCieDhV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 3164	3088	rundll32.exe	85
PID 3088 wrote to memory of 3164	3088	rundll32.exe	85
PID 3088 wrote to memory of 3164	3088	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e36777b95c438ba79b98bebd8538c0d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e36777b95c438ba79b98bebd8538c0d_JaffaCakes118.dll,#1
  2⤵
  PID:3164