149e5bee09ba5d9544a68601b964836242dbb50b3b36071de81c5700ce634825

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 07:08

Target

7fe230d6e96392d3982ebbe6430544e7_JaffaCakes118.dll
Size

1.0MB
MD5

7fe230d6e96392d3982ebbe6430544e7
SHA1

1778c38300ad1c433ff5712523cb48635df0b15b
SHA256

149e5bee09ba5d9544a68601b964836242dbb50b3b36071de81c5700ce634825
SHA512

cd1b993edaa4efc0561b266944dd5f352590df9dfc81841481db46c0989b92c705fe92d5f287b19b60e83ebef7363d24227a0a09d7d3bf0866ea4aa697aa404f
SSDEEP

24576:RpXH5IPEUlx4NAMxLcoXgu+pS0+M3tb0pvaep5Z8k:PH567Ju/0J3tCieDSk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 4776	3980	rundll32.exe	85
PID 3980 wrote to memory of 4776	3980	rundll32.exe	85
PID 3980 wrote to memory of 4776	3980	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fe230d6e96392d3982ebbe6430544e7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7fe230d6e96392d3982ebbe6430544e7_JaffaCakes118.dll,#1
  2⤵
  PID:4776