ced5f3787b7f52972d493d1c71048f349888433f7f680ce147077cd71639d6c0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 11:54

Target

2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll
Size

23KB
MD5

2c3f141d48ff7e930a60ea2564001d11
SHA1

be18e088bcc2c5764a6e4190a6bc8a8dacd82759
SHA256

ced5f3787b7f52972d493d1c71048f349888433f7f680ce147077cd71639d6c0
SHA512

cb335687545e444c44e53ba3a83b26fd411c549d0786fc3b37223d1e3b0a240d287261017af9bff765da0504bfd7598a206c44d5f1c21747c619236b1d5772ec
SSDEEP

384:l5cQp6Z8D2bZhp+1sMBGVrc+wLiVKfggk7KfH082MhqEGKwFIUm72:LkuqkHBGRcnLSdgk7M0grwFDk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 2432	3348	rundll32.exe	82
PID 3348 wrote to memory of 2432	3348	rundll32.exe	82
PID 3348 wrote to memory of 2432	3348	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c3f141d48ff7e930a60ea2564001d11_JaffaCakes118.dll,#1
  2⤵
  PID:2432