74666e2a8576a66c2d99a4c875a7805e519bf617f58efc004d6a6a735460f6ee

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 06:37

Target

03b1e299cb1e9ab7f21665f4fd8b162b_JaffaCakes118.dll
Size

102KB
MD5

03b1e299cb1e9ab7f21665f4fd8b162b
SHA1

1c145e137c0a3674c0d86d2280a175556b43ca6f
SHA256

74666e2a8576a66c2d99a4c875a7805e519bf617f58efc004d6a6a735460f6ee
SHA512

ef8dd2078879b2b0aeea3a876072826e62b3c11c65aed6c9446d59eabf9f68cf8ba44749dbeddbf4c1e37222744f95810dbaed692143df936a18abfd3f69cc33
SSDEEP

1536:kNljeUtUYZ8qNiW3FLwLfbwCPyySIG5cab1pjkpM+N2feV0GXOw5lp:0eYZ8xgib6ySIGmaBpjk3rV0GXOw5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 1580	232	rundll32.exe	83
PID 232 wrote to memory of 1580	232	rundll32.exe	83
PID 232 wrote to memory of 1580	232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03b1e299cb1e9ab7f21665f4fd8b162b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03b1e299cb1e9ab7f21665f4fd8b162b_JaffaCakes118.dll,#1
  2⤵
  PID:1580