59bf0c6c951cf89f7a95c62230f5ec38ab92820c0322d63da1da228838939f15

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 03:39

Target

148cebca9ee9c909f0441ec31eadb98c_JaffaCakes118.dll
Size

36KB
MD5

148cebca9ee9c909f0441ec31eadb98c
SHA1

0d00849ff6f240a30f3219ef4f7cd66681364467
SHA256

59bf0c6c951cf89f7a95c62230f5ec38ab92820c0322d63da1da228838939f15
SHA512

dec195c72ea1f9ce5e80826ca38ee578a854ff9f6bb97ce22ba36410dab0e1522844e3de7cbfb5e092a09f63bcd0bd7ba63c85bd5ce5de2bd6b6e676520f49a8
SSDEEP

768:fZlQAtT2wv+YrTSX1/J1ksbS9KpASvoURnLWU:/QOvrTSF/J1lSCZoJU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 3068	3224	rundll32.exe	81
PID 3224 wrote to memory of 3068	3224	rundll32.exe	81
PID 3224 wrote to memory of 3068	3224	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\148cebca9ee9c909f0441ec31eadb98c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\148cebca9ee9c909f0441ec31eadb98c_JaffaCakes118.dll,#1
  2⤵
  PID:3068