0cd48f2289fdbb1cf24e61e9bd258452bcc46806965b1e51f6d69a31ef60777a

Analysis

max time kernel
133s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 21:51

Target

68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll
Size

142KB
MD5

68c13161f04fb586fc8778b70d003e1e
SHA1

fa018cdcc8b7329b61b6a0c28e9e1109d25e20ba
SHA256

0cd48f2289fdbb1cf24e61e9bd258452bcc46806965b1e51f6d69a31ef60777a
SHA512

b27999efe3854f2c858d7df11560ef8fa0528ddff1917f1a7c81972dacf2f20ff0e5aa8ecb99f6a1faf5cb3f80245a0735dfb986c50854078dd6447ac66a91f6
SSDEEP

3072:5tQul439NZiYd88+HS7SPlSUmoB7pInBGhBt:5tQul+NZiY97SPlT1iGZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3160 wrote to memory of 3560	3160	rundll32.exe	rundll32.exe
PID 3160 wrote to memory of 3560	3160	rundll32.exe	rundll32.exe
PID 3160 wrote to memory of 3560	3160	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c13161f04fb586fc8778b70d003e1e_JaffaCakes118.dll,#1
2⤵
PID:3560