223e280c1ca5cdd6ee850f6d20d752c73e4f1734f9099a3231f9864d3369d31e

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 18:06

Target

afb4ce8866b88d9841587bc1abb2f7e5_JaffaCakes118.dll
Size

1.6MB
MD5

afb4ce8866b88d9841587bc1abb2f7e5
SHA1

18c3e3decec432ad3f4ea93debad9d5d924a5ce6
SHA256

223e280c1ca5cdd6ee850f6d20d752c73e4f1734f9099a3231f9864d3369d31e
SHA512

a90c052dd1b1b5a5e154aeca5e29259898a5acda4af47527f3426235333b5d231481683cbfac6d1dfd8e0e1258f922c265d57042512c938fd8c8685d5c9d730b
SSDEEP

24576:Om6zVosJyu+pS0+M3tb0pvaep5ZOfO4hvllsQUfIKKuZAP2hgOD3QMFPu7KY3B:TsJyu/0J3tCieDk/sQxKbRxQMFPuHB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 4740	3216	rundll32.exe	82
PID 3216 wrote to memory of 4740	3216	rundll32.exe	82
PID 3216 wrote to memory of 4740	3216	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb4ce8866b88d9841587bc1abb2f7e5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb4ce8866b88d9841587bc1abb2f7e5_JaffaCakes118.dll,#1
  2⤵
  PID:4740