8d5f5284b914c54f78c161f5e018769c91a5cf284ffc169634c8b93b1f857294

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 15:59

Target

169dd4f773e1145c60ea267daf59aa2a_JaffaCakes118.dll
Size

61KB
MD5

169dd4f773e1145c60ea267daf59aa2a
SHA1

32fcf6bb45c30b733cb99afbafa407c192b51adf
SHA256

8d5f5284b914c54f78c161f5e018769c91a5cf284ffc169634c8b93b1f857294
SHA512

28ec0eceed4effec9960fc0ea0dc3b58f6b9d3b366db08ab26fef462c5ec919ac729c191599ffb5691bd2f2b5b5c59f88b9fb2b7e096fc36d78c612398f45295
SSDEEP

768:EVOErBwsWFjS2sY+q4/YZZSX2LEMvAMiq7PNzqGAjprMFiNgYn45xC4:Y1aF91+XeIX24QAMZPNzgh/mr5x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 4108	1324	rundll32.exe	80
PID 1324 wrote to memory of 4108	1324	rundll32.exe	80
PID 1324 wrote to memory of 4108	1324	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\169dd4f773e1145c60ea267daf59aa2a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\169dd4f773e1145c60ea267daf59aa2a_JaffaCakes118.dll,#1
  2⤵
  PID:4108