c0b90661b00706100a47e6269bbed92e6c106aaedeef6d94785729ddb8f6c81b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 01:52

Target

01d2e1cf268fb814d34b6e879b3cea12_JaffaCakes118.dll
Size

15KB
MD5

01d2e1cf268fb814d34b6e879b3cea12
SHA1

dfe3ab06d2cc8b3a12c41c405c9af77025cd6893
SHA256

c0b90661b00706100a47e6269bbed92e6c106aaedeef6d94785729ddb8f6c81b
SHA512

82f792e46b39f21812f7cb7f3347c9c79f73377868bb379b97b70515c411d9e4ed71099f941b14eb41f2c62ce1e4320b1e401fd37c05eb44ad591f329e7567c7
SSDEEP

384:F62oc8wh5j5PFapzMrO5cyoadhGeC85VuqbbJ+ujzlm+M7iK:1oDUkpcadhtC8vvXYEX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 5000	4864	rundll32.exe	82
PID 4864 wrote to memory of 5000	4864	rundll32.exe	82
PID 4864 wrote to memory of 5000	4864	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01d2e1cf268fb814d34b6e879b3cea12_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01d2e1cf268fb814d34b6e879b3cea12_JaffaCakes118.dll,#1
  2⤵
  PID:5000