3edee20763bf9d8261c8c3db7fa5fa7f59dcc0278e6383af7b758b5e60b38ffb

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 12:04 UTC

Target

05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll
Size

17KB
MD5

05d28607b3344c3aa1d779736f0ccbe7
SHA1

4a0351b7d2fa714f44d67a2b342e241cbf8fe5f2
SHA256

3edee20763bf9d8261c8c3db7fa5fa7f59dcc0278e6383af7b758b5e60b38ffb
SHA512

f7bbfaefb821b99f86a3a36e3c22f906352e04c309405abc6e1f916dbe0957f1d6917dc97c500dad4173a231a95431b928abe59835589f1f5ec9deffa57218e5
SSDEEP

192:n369sd9OinMOZ/vvtaUuU8e0W9+ym+yCrDYmBMitDeiHKoYDKtXLerFRoYN37nHk:362rOiVFcUyW/Bv8oU97E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 4496	1488	rundll32.exe	81
PID 1488 wrote to memory of 4496	1488	rundll32.exe	81
PID 1488 wrote to memory of 4496	1488	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\05d28607b3344c3aa1d779736f0ccbe7_JaffaCakes118.dll,#1
  2⤵
  PID:4496