752360fa2e2025d744e7f022a3efc93531ec918b2bccbb581b702634c9713444

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 06:06

Target

2f3e7213640d3b432b4a776f79486a35_JaffaCakes118.dll
Size

112KB
MD5

2f3e7213640d3b432b4a776f79486a35
SHA1

29faae3ae033e768848dae1c0c82dfb82a68ee6f
SHA256

752360fa2e2025d744e7f022a3efc93531ec918b2bccbb581b702634c9713444
SHA512

58bc3cec62c96a1dc481fd9205ec59f4436bd445d0e246dfa47589ca046bb8ac7f39557b05b16b8d8a431ed1ab851ffe3d824aa51005958a328d7cba83326356
SSDEEP

3072:djgOgvOGBdAFp2PDyXJdP+cUa/AYOj+I9yAX1g0uuNmfZOYpWRO:9JX1kRltLyZOY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 968	4004	rundll32.exe	82
PID 4004 wrote to memory of 968	4004	rundll32.exe	82
PID 4004 wrote to memory of 968	4004	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f3e7213640d3b432b4a776f79486a35_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f3e7213640d3b432b4a776f79486a35_JaffaCakes118.dll,#1
  2⤵
  PID:968