fc3e67b2c5dec1819de3118ad6849c31d24d078fb1bdd8b75317e7668160c56b

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 06:59

Target

1197675601f82151f4c1cd03d14908c3_JaffaCakes118.dll
Size

840KB
MD5

1197675601f82151f4c1cd03d14908c3
SHA1

efe3297836faa4f61d558187ba19fb5d8a39e1da
SHA256

fc3e67b2c5dec1819de3118ad6849c31d24d078fb1bdd8b75317e7668160c56b
SHA512

3afceaf8d9c7795fb7c6ec92e25f1e3737f14285ed01987d427fc56ec3ff6a7d0cdefb53564570869c41a9e2f33b5f8d980cdd7f21fc89df6ab106ab5f179985
SSDEEP

12288:9Qwr6qHh9ORC8B26Ue/NvbVvSBOYQFlgG69Mn+Gseljvj1tRsdcH:9Qze9O/T/19LFKqngSK+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 2176	4244	rundll32.exe	83
PID 4244 wrote to memory of 2176	4244	rundll32.exe	83
PID 4244 wrote to memory of 2176	4244	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1197675601f82151f4c1cd03d14908c3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1197675601f82151f4c1cd03d14908c3_JaffaCakes118.dll,#1
  2⤵
  PID:2176