230cb02390a97ddc314a61b47b911da8f9bc232157e38f9eab7c2da54f12ce29

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 06:56

Target

b23cc6f8a4e8a299fb76b5043214f1ea_JaffaCakes118.dll
Size

1.5MB
MD5

b23cc6f8a4e8a299fb76b5043214f1ea
SHA1

2ce58370570e6dbeb1e12d996458fd4493f3ee98
SHA256

230cb02390a97ddc314a61b47b911da8f9bc232157e38f9eab7c2da54f12ce29
SHA512

86dd796727a8b563aecc9a8bd493e19b8b092200dcfb4c372ec6dc0edcba8fb3ae304ca9b66c42938d00970f18a10079ae29f0493f3d3953cb9efc61e0ea214e
SSDEEP

24576:3NgdS8w0H6u+pS0+M3tb0pvaep5ZDGJrllsQUfIKKuZAP2ZgODyQMFuuOKY3P:8w0au/0J3tCieDAJr/sQxKbp8QMFuu8P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 2772	4940	rundll32.exe	82
PID 4940 wrote to memory of 2772	4940	rundll32.exe	82
PID 4940 wrote to memory of 2772	4940	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b23cc6f8a4e8a299fb76b5043214f1ea_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b23cc6f8a4e8a299fb76b5043214f1ea_JaffaCakes118.dll,#1
  2⤵
  PID:2772