b0c3028a892829dee7f49e291fbcfbed49aea74192c14d2d9ef56f593be026d2

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 23:30

Target

26a30fe4795fec56c1d0a0a4f1b95491_JaffaCakes118.dll
Size

33KB
MD5

26a30fe4795fec56c1d0a0a4f1b95491
SHA1

df875e83d5a1905313333b12fe6c8f58ec5256b0
SHA256

b0c3028a892829dee7f49e291fbcfbed49aea74192c14d2d9ef56f593be026d2
SHA512

fe7dace5da4a96f1f4b3be00eb1265ff6f7e9de6075bc8f4839de75898154af4e26f3eb354774fc7ace29aa1f3ef9f2c4aef1cacbe47ad19be7e3028d1a673d7
SSDEEP

768:GQC39bq5oxE2AdR40kYO2lg7EW1DdgI5hqDMTR5b+b:GQwgAEw0kY87EWddgWk+Rd+b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3068	2216	rundll32.exe	81
PID 2216 wrote to memory of 3068	2216	rundll32.exe	81
PID 2216 wrote to memory of 3068	2216	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26a30fe4795fec56c1d0a0a4f1b95491_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26a30fe4795fec56c1d0a0a4f1b95491_JaffaCakes118.dll,#1
  2⤵
  PID:3068