5138417b8d33101473790be9327062472d5be583d68f951c41b386eae040e2e6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 04:31

Target

27592dd962b7994fd679150b95f99d53_JaffaCakes118.dll
Size

21KB
MD5

27592dd962b7994fd679150b95f99d53
SHA1

e3bdb3983c625e2d0b227b5548b40ab73dfc72dd
SHA256

5138417b8d33101473790be9327062472d5be583d68f951c41b386eae040e2e6
SHA512

c2a2181d7533e5fd6d996f2510098923ca123f49fb168c162f0a58517931ed9fc4a1a181973bb20a69f1d9464bbe46153e83de67c86e5abf626c9c8c71d5f4cb
SSDEEP

384:8G5vD3MiN7MfaJ5yDQH61hZR1/9Ol2jwtnEFGyYEDcmsORUzASxfcfEyf2N+2ZmG:8Gp5YAeQa1hZR1/92nEFGyTAORGASxfo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 4580	4280	rundll32.exe	82
PID 4280 wrote to memory of 4580	4280	rundll32.exe	82
PID 4280 wrote to memory of 4580	4280	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27592dd962b7994fd679150b95f99d53_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27592dd962b7994fd679150b95f99d53_JaffaCakes118.dll,#1
  2⤵
  PID:4580