e6dbf1801f5c796fe793d6e1c90a8af8839e012b16e26eb2638c768f5635f9fb

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 16:41

Target

8b146dde0a47fa1e85a9fefc484d33b8_JaffaCakes118.dll
Size

2.1MB
MD5

8b146dde0a47fa1e85a9fefc484d33b8
SHA1

b2896c0cbe50a9effa27ae69c629c195b3657791
SHA256

e6dbf1801f5c796fe793d6e1c90a8af8839e012b16e26eb2638c768f5635f9fb
SHA512

6f83d7617765959d64c7d15c9636258f880ed6798cd8dc33aacb5ad7714d16637b16f8a6d3b111216ab75a7c3949cb28e5b18f830204bacad44aac3518cb87b2
SSDEEP

49152:660TWrAWoVQZOf6P2q0p591b0AsEzHfMR:8k7YQZOiup591b4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 2092	3920	rundll32.exe	82
PID 3920 wrote to memory of 2092	3920	rundll32.exe	82
PID 3920 wrote to memory of 2092	3920	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b146dde0a47fa1e85a9fefc484d33b8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b146dde0a47fa1e85a9fefc484d33b8_JaffaCakes118.dll,#1
  2⤵
  PID:2092