3f8338bf8c2b7d6d8d999a3d7cc35d759f9fb5b32a287d54647162ac715a17c7

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 18:26

Target

170b4e91044605e550f10130d9bd0cb6_JaffaCakes118.dll
Size

204KB
MD5

170b4e91044605e550f10130d9bd0cb6
SHA1

63b8acbf7c24cbf07cf8e72e0fe0d5328a5461ce
SHA256

3f8338bf8c2b7d6d8d999a3d7cc35d759f9fb5b32a287d54647162ac715a17c7
SHA512

2351e9d34870729bf519f9a7e76d1bc6cedee65ba393b78745c0aa4531b158716b5be4c9d235db3b41fe9c334e826af51b5a2dd4c0d3abd655d254b8e7202a6d
SSDEEP

3072:4L4VDxk7xWamNdyDIRzHJc0nJ2VbWMk7V7wBkSqcmRlvmI0qHhcO5VHfeGHzkswl:odJv0Jl7WK4swYCpr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1204	2184	rundll32.exe	81
PID 2184 wrote to memory of 1204	2184	rundll32.exe	81
PID 2184 wrote to memory of 1204	2184	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\170b4e91044605e550f10130d9bd0cb6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\170b4e91044605e550f10130d9bd0cb6_JaffaCakes118.dll,#1
  2⤵
  PID:1204