faf2cb914b7dae79d221f92868084f679d03f5555cd684d005177e3b4baaab12

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 15:54

Target

92582b79aa0250c48e2f51ce9ebc2b2f_JaffaCakes118.dll
Size

68KB
MD5

92582b79aa0250c48e2f51ce9ebc2b2f
SHA1

a74fdbd5b190a8d068be43974c730d49b579a33a
SHA256

faf2cb914b7dae79d221f92868084f679d03f5555cd684d005177e3b4baaab12
SHA512

4279d6800339256cb19e9a9393488f3f5504144fd5ab10ceb22a2ac31f9250c0f5724ef1404887b8361b7da496fa806efb6553bad3c18d306d345dd1b0ff2f31
SSDEEP

768:eAw7fB3yVC5DNmOToFyQNuvD7PQyT4lqwg/zjhS+gZR5fAtWDsr/zmvfT5:e9iVC5DtToFc7Ytl6OU1ravfT5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 1328	4732	rundll32.exe	85
PID 4732 wrote to memory of 1328	4732	rundll32.exe	85
PID 4732 wrote to memory of 1328	4732	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92582b79aa0250c48e2f51ce9ebc2b2f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92582b79aa0250c48e2f51ce9ebc2b2f_JaffaCakes118.dll,#1
  2⤵
  PID:1328