0b0383a43fedc5cfbfcc51ce685e7c66e16091c9b014ca2e4bf33e589c87cdc2

Analysis

max time kernel
92s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 20:58

Target

8853cf2715e715e2ea75dfc697244eac_JaffaCakes118.dll
Size

5KB
MD5

8853cf2715e715e2ea75dfc697244eac
SHA1

b2155b8d770aa731804abfae972bded54a3bfb5e
SHA256

0b0383a43fedc5cfbfcc51ce685e7c66e16091c9b014ca2e4bf33e589c87cdc2
SHA512

efab51473f3432f0da9400a584722dfc2e00670386093b7078b7a3b4fe041f7ebd3871f3a6265f864c4b80e5bfba3876567927d518caf1b4706dadf13d59994b
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJArX3vSc8SwytgtYiT9UPILV4JOD/ZapwD03j:MTWnRZ0lJ34vgtYiTKPwdMyU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 4992	2268	rundll32.exe	82
PID 2268 wrote to memory of 4992	2268	rundll32.exe	82
PID 2268 wrote to memory of 4992	2268	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8853cf2715e715e2ea75dfc697244eac_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8853cf2715e715e2ea75dfc697244eac_JaffaCakes118.dll,#1
  2⤵
  PID:4992