d88ba9f60d9bc686f7d6e2cb66d4af86f9cb75cbc83ec39e463dd078222c8935

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 18:37

Target

5d2c35d7915b627e5c4fb488c2747981_JaffaCakes118.dll
Size

116KB
MD5

5d2c35d7915b627e5c4fb488c2747981
SHA1

bc8dedb11231335f6ff07e9f4f151d5af208a2c1
SHA256

d88ba9f60d9bc686f7d6e2cb66d4af86f9cb75cbc83ec39e463dd078222c8935
SHA512

da3f648bac22ef9379909b58e0e2661480895a722beb839e4babe6fd632b1d4a7185bd9658f37935eb92984444d31d1a5aec689d6c19630f99c071c5484ba94b
SSDEEP

1536:CD+Uh4Lpbskv45D30oUCIFAi/tLCucTf45za3zzlZ7jeJHo7Jx8tLr:jUh4LhskvM3r7i/FDSXlZ7jeJHo7T8t

Score

1^/10

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3804	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 3804	4980	rundll32.exe	84
PID 4980 wrote to memory of 3804	4980	rundll32.exe	84
PID 4980 wrote to memory of 3804	4980	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d2c35d7915b627e5c4fb488c2747981_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d2c35d7915b627e5c4fb488c2747981_JaffaCakes118.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:3804