5c090d7a2115e8a4279dc2cc95e390b6f561d89e8c01ccab1162f3a125958719

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 19:07

Target

58afe31fed78911c2ef74558c7a66bff_JaffaCakes118.dll
Size

340KB
MD5

58afe31fed78911c2ef74558c7a66bff
SHA1

bfcd2d46fb0255d94e44dc59539a12c977dd69cd
SHA256

5c090d7a2115e8a4279dc2cc95e390b6f561d89e8c01ccab1162f3a125958719
SHA512

8710cda4e5ddedaf4c596d7d7759eb76603a4e08d9a1b77e475b991d86cbbfd92aefacdfa1efc399d90c04927ce4f5de22331bc6cc28ece6e0befe7b5bf4146e
SSDEEP

3072:LvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXRca:L206xWgGxLxWN40PDKR/JnXya

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 880	2980	rundll32.exe	84
PID 2980 wrote to memory of 880	2980	rundll32.exe	84
PID 2980 wrote to memory of 880	2980	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58afe31fed78911c2ef74558c7a66bff_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58afe31fed78911c2ef74558c7a66bff_JaffaCakes118.dll,#1
  2⤵
  PID:880