5a67ca7c6d290505891df9fc830de7e139336869db7dfae00fb99bf23385000e

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 22:28

Target

5bcf3ced4bb2a4c688145813c1340fb7_JaffaCakes118.dll
Size

82KB
MD5

5bcf3ced4bb2a4c688145813c1340fb7
SHA1

f5388143e84cd221ba068eb7f68c71401c28df29
SHA256

5a67ca7c6d290505891df9fc830de7e139336869db7dfae00fb99bf23385000e
SHA512

092bdfd47c4a174c45f4c3889092b3d99b8f4cd905aee38251ccc6b1b564c73dfa54cd6ed042721df8193ce38126dc99745487a8ed616c2639776dcc2d486ed3
SSDEEP

1536:BD6K271gp7DXvCf45wMQmc0OO4dbTnvMk+xn4QgXUJYaUPBp2h/Hqlvo3Fic+NpN:BDGYLagCrEOO4t+pyiYHv0PqUYc+lD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 1700	4868	rundll32.exe	83
PID 4868 wrote to memory of 1700	4868	rundll32.exe	83
PID 4868 wrote to memory of 1700	4868	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bcf3ced4bb2a4c688145813c1340fb7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bcf3ced4bb2a4c688145813c1340fb7_JaffaCakes118.dll,#1
  2⤵
  PID:1700