865a674ac5d6111b158adb771881d31b35ccf21a75147eec66948e6e01ceb3a0

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 03:50

Target

1493bcef1ff4d48abed21d4e93c5398e_JaffaCakes118.dll
Size

40KB
MD5

1493bcef1ff4d48abed21d4e93c5398e
SHA1

41819e285e1cdf514826826a88b002e0fca0a306
SHA256

865a674ac5d6111b158adb771881d31b35ccf21a75147eec66948e6e01ceb3a0
SHA512

7e925b413e68a270f37ad5e2a8c4ff1dff108319e040f5daef6748641bbb3c658fe065d131a950127cb13721fbcb93b116bff949bdd7bc0ee928167c2f055b0a
SSDEEP

768:Rfank9Fg/Xqf+KrKnvBFY15d7jVfkNM9EGkGpVKBhHQ:RRg//OKvBE5EqJkGj

Score

1^/10

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80
PID 3816 wrote to memory of 2272	3816	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1493bcef1ff4d48abed21d4e93c5398e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1493bcef1ff4d48abed21d4e93c5398e_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272