5ac39685332aef454f25719ba3e3d5e4d2fb31ad2fa6e5a753089831f133fcbc

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 13:45

Target

0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll
Size

28KB
MD5

0e4ba3f4cced29663dd83692c8754472
SHA1

fb108b9440013ca0487906cf2cc4275f9fb7efcc
SHA256

5ac39685332aef454f25719ba3e3d5e4d2fb31ad2fa6e5a753089831f133fcbc
SHA512

49fbb714e27921c314906af91ce819acfeeda2d5e74f65e8bfca4d2d13b00a30d35ce94bfb87580309180bc354e65dcc4e79094adf356d9654ed86dd94a3eb7f
SSDEEP

384:OA42VFnTRCUX8KgOP/ImlHoybL3goIo99xJ:7JFnT4UsKg6/sC3JIo99x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 4480	4568	rundll32.exe	81
PID 4568 wrote to memory of 4480	4568	rundll32.exe	81
PID 4568 wrote to memory of 4480	4568	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e4ba3f4cced29663dd83692c8754472_JaffaCakes118.dll,#1
  2⤵
  PID:4480