056b7d75113cacc9cdaaa1669a37b18a5ecaf7693ca707b797b88d061f8c4608

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 00:37

Target

7b1b9b67abba1345d428f1d19521f43b_JaffaCakes118.dll
Size

1.0MB
MD5

7b1b9b67abba1345d428f1d19521f43b
SHA1

4b5803525a67bb7b383e596f16de3abbc518dbfb
SHA256

056b7d75113cacc9cdaaa1669a37b18a5ecaf7693ca707b797b88d061f8c4608
SHA512

6f6c4f533663514522ee768f4ecbc3a56b40e2bee89986f04ef24d1f8ee1aca469ff388575c8cdd923431a7d263a07c55a32d13c817149f0768fb80dd2b0f394
SSDEEP

24576:3fC2VJMftX8iRVDKqe/FYT8jKa3h2wR4D:PwtXJq/FYwjK+hLRS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1836 wrote to memory of 2796	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2796	1836	rundll32.exe	rundll32.exe
PID 1836 wrote to memory of 2796	1836	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b1b9b67abba1345d428f1d19521f43b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b1b9b67abba1345d428f1d19521f43b_JaffaCakes118.dll,#1
  2⤵
  PID:2796