6453cb4bf3566c0695f239c5256a2a8e23b9aab9494e765f6753a27e900f2125

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 09:39

Target

0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll
Size

34KB
MD5

0d949c24757b03d8dc7e25b4e6964e97
SHA1

9dad41c6eb9cac6aed1d8fb23bd659da99e7effe
SHA256

6453cb4bf3566c0695f239c5256a2a8e23b9aab9494e765f6753a27e900f2125
SHA512

092ac58e53d759397685bc833535254ec649bbc799b892a8ef1104c0f72dd38e18a37b997fa20e806d9f3ee1694c7325a330e0aa0824cfaaea75213550620829
SSDEEP

768:GQ7FCmKyb5dlt+NGZmXgoZkC/jCDtGUAqsqqtBNu2H:GQ7FpT9MZXjUtpHDQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4524	5060	rundll32.exe	82
PID 5060 wrote to memory of 4524	5060	rundll32.exe	82
PID 5060 wrote to memory of 4524	5060	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d949c24757b03d8dc7e25b4e6964e97_JaffaCakes118.dll,#1
  2⤵
  PID:4524