a5c9cde0da4af72ef1ee2e6a656c0e6109a7152b5b31b6258d56b117add05b56

Analysis

max time kernel
94s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 07:52

Target

252de05dc696f37e797b5447b4c59cdc_JaffaCakes118.dll
Size

72KB
MD5

252de05dc696f37e797b5447b4c59cdc
SHA1

00c2b2839eb4999e82f5e2a63b2c6d787a4a451e
SHA256

a5c9cde0da4af72ef1ee2e6a656c0e6109a7152b5b31b6258d56b117add05b56
SHA512

a2ac1c49554e94455c6236485b8c6a6c773b1137a713c0befc377284a07d603ce5e770fe0c311ee69ca9fa96f13d08d552193e7dfebd208466f519fcaeb9300f
SSDEEP

1536:V1hQe2kHEv14TPtAPucK+7xUE9oeyYMEd:V/Qe2FNSRIxUE9oeNM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 752	4868	rundll32.exe	83
PID 4868 wrote to memory of 752	4868	rundll32.exe	83
PID 4868 wrote to memory of 752	4868	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\252de05dc696f37e797b5447b4c59cdc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\252de05dc696f37e797b5447b4c59cdc_JaffaCakes118.dll,#1
  2⤵
  PID:752