3098e2d592adb842476dbf16f975a7e7c0c31beba238cc08c7c68b7c7e447217

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 09:51

Target

158e3e5c7b9710b95a902350d37252ef_JaffaCakes118.dll
Size

28KB
MD5

158e3e5c7b9710b95a902350d37252ef
SHA1

75dc32dfc3c5ee1cde53289e28a8be66f3210b87
SHA256

3098e2d592adb842476dbf16f975a7e7c0c31beba238cc08c7c68b7c7e447217
SHA512

03c98fe27cc53c5dcd73d855c2263046816edb373ee74313bfe7a5b12c65df972b6c7e3dffbff42246fdc7396a215db4e4a1357f991e3a085220f31700f79705
SSDEEP

768:cs/8I76whxzBVrh6p/DH+H0+UMNpU/7p1MkwE:c5bspspLHixnpqwBE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2188	2664	rundll32.exe	81
PID 2664 wrote to memory of 2188	2664	rundll32.exe	81
PID 2664 wrote to memory of 2188	2664	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\158e3e5c7b9710b95a902350d37252ef_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\158e3e5c7b9710b95a902350d37252ef_JaffaCakes118.dll,#1
  2⤵
  PID:2188