23b811add2cc62240c80b0120bca25e368adb2c1aebbd122aa3feb55f8b80a8f

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 05:28

Target

a826dc1df4c86c849d0aaa28716c1daa_JaffaCakes118.dll
Size

1.1MB
MD5

a826dc1df4c86c849d0aaa28716c1daa
SHA1

e6385628468b3b54a9d8e141a686a7e07cece3a7
SHA256

23b811add2cc62240c80b0120bca25e368adb2c1aebbd122aa3feb55f8b80a8f
SHA512

5c43a619928750dd5c12f5f12460ab27555a14e19c7b10f66b0bc1c712edf9b5650090b4f3c8359d2fb6aec0da0d49830bd2f6af98084fc88d92f4bb0d9711c1
SSDEEP

24576:TkmGiMVi26nVTyhxX1vQQRegQmqWr7t7XsqMtimo2I7cwUYx:wmGXGVmXHIgQnWrZctiT7cwUu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3920 wrote to memory of 4268	3920	rundll32.exe	rundll32.exe
PID 3920 wrote to memory of 4268	3920	rundll32.exe	rundll32.exe
PID 3920 wrote to memory of 4268	3920	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a826dc1df4c86c849d0aaa28716c1daa_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3920

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a826dc1df4c86c849d0aaa28716c1daa_JaffaCakes118.dll,#1
2⤵
PID:4268