208b985fe121194dcf376da9d728d76cfa1ac6e769fff0cd08748744f73c6ec9

Analysis

max time kernel
134s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 13:34

Target

3fb8c0ff7282e95cfc844366e754f10a_JaffaCakes118.dll
Size

840KB
MD5

3fb8c0ff7282e95cfc844366e754f10a
SHA1

5f1b7bc632623a146bcd3f4620ef6ed653ee1fb5
SHA256

208b985fe121194dcf376da9d728d76cfa1ac6e769fff0cd08748744f73c6ec9
SHA512

2888722f66e90bdf3897705cb1e17c5697a988960c65cc9c769d2eb1bbe9a2efb88c2942777dfa12dbaa93ec17a68de370baf41dae2a5edb84bc56ec88945bca
SSDEEP

12288:IefrRSa1rIf72rjKFo5Hi62ykhxFv3DFBj115eyRzypp25jWSLOtRsRy8:Ie9drIfUC6i62txFv3DH5LypUkuf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 3804	4700	rundll32.exe	83
PID 4700 wrote to memory of 3804	4700	rundll32.exe	83
PID 4700 wrote to memory of 3804	4700	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fb8c0ff7282e95cfc844366e754f10a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fb8c0ff7282e95cfc844366e754f10a_JaffaCakes118.dll,#1
  2⤵
  PID:3804