c265e0b5b45cce5e7ca8ac96e4e7d0bc77bbcb71d1e8ce752179452315d48ba0

Analysis

max time kernel
93s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2024, 10:05

Target

56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll
Size

340KB
MD5

56e4ebe68c44b61e9984cc6c70d4383e
SHA1

d590cc8ca9093d1d27cb7d827680d111c91ebe95
SHA256

c265e0b5b45cce5e7ca8ac96e4e7d0bc77bbcb71d1e8ce752179452315d48ba0
SHA512

3b9aa43b2576cf170f903c145597289edf0e4c81b1f0d7c2609e5862643d3aca4920c540ab9ae6eb15c3642fcb7b9938f34ccd6ce71c9ee976e1814894585c06
SSDEEP

3072:1vA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:1206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 848	4540	rundll32.exe	84
PID 4540 wrote to memory of 848	4540	rundll32.exe	84
PID 4540 wrote to memory of 848	4540	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\56e4ebe68c44b61e9984cc6c70d4383e_JaffaCakes118.dll,#1
  2⤵
  PID:848