5ada5ff72f5166315315b6c47bc346320e8f3027c6b930a3db02c8e9a7f371d9

Analysis

max time kernel
141s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 07:45

Target

566de3fb0dd9bf8a926936afb2ca763d_JaffaCakes118.dll
Size

340KB
MD5

566de3fb0dd9bf8a926936afb2ca763d
SHA1

da7b8761588868ccd17d79293f7df7434a474dc1
SHA256

5ada5ff72f5166315315b6c47bc346320e8f3027c6b930a3db02c8e9a7f371d9
SHA512

3f653006c6c62884cad3d62b5d3a60cf9b8347ab9cf38bf4798c612c46eb7c9072a455206c3fd1af9fe68adc023be2d8b2b992fd2c131b47f6e08e78ce0be6c4
SSDEEP

3072:ivA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:i206xWgGxLxWN40PDKR/JnXya

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 3992	2360	rundll32.exe	84
PID 2360 wrote to memory of 3992	2360	rundll32.exe	84
PID 2360 wrote to memory of 3992	2360	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\566de3fb0dd9bf8a926936afb2ca763d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\566de3fb0dd9bf8a926936afb2ca763d_JaffaCakes118.dll,#1
  2⤵
  PID:3992