1733f0a2cee9e8b5384c81c1b868c40f4bdf9c66cf934863c4d87ca7ffed70ea

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 10:44

Target

054222b9e0f872a9e77f3ce5d6c9eaed_JaffaCakes118.dll
Size

28KB
MD5

054222b9e0f872a9e77f3ce5d6c9eaed
SHA1

5e2e1bab7a2c813a8ee07d81eb28846592c6f19b
SHA256

1733f0a2cee9e8b5384c81c1b868c40f4bdf9c66cf934863c4d87ca7ffed70ea
SHA512

ba2981780b049db3748f5c9592f96a0442543bbe9010480be71d87ae0f3b7f0105a26a122a05fa6daa8b455a07a08356b4c6504f7ef7538fc2fea5eb9ecd13cc
SSDEEP

384:aCbRO8mDwvmkSanb5htkThosWf0pI2XFI:aCt1vmkSabBk1ef0pI2XFI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4392	2068	rundll32.exe	81
PID 2068 wrote to memory of 4392	2068	rundll32.exe	81
PID 2068 wrote to memory of 4392	2068	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\054222b9e0f872a9e77f3ce5d6c9eaed_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\054222b9e0f872a9e77f3ce5d6c9eaed_JaffaCakes118.dll,#1
  2⤵
  PID:4392