96eeacbb2cc80b3070852e8db375ee5d161d938fd7a3c75f9cd817c4b33cef7a

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 06:50

Target

2f5c8fd7098c04940c55db4e096a4c98_JaffaCakes118.dll
Size

497KB
MD5

2f5c8fd7098c04940c55db4e096a4c98
SHA1

d2f9dce1e112b94d720e6936dc3f49b796d7189c
SHA256

96eeacbb2cc80b3070852e8db375ee5d161d938fd7a3c75f9cd817c4b33cef7a
SHA512

5ae36d07c46fdbdc4e96e308aad0edf965538363484783d86168d0a4e52758f282501da86e5d36b9f185425ec0a22cccad4cbb02cefc1868726e39981df14bad
SSDEEP

3072:68+UcLoq3iaTHp7PE2xVuij+opmCZcFRqqvIPNR+wXd243KdoSnyiJK:68l3aNlGFRqqoz+wXA43Kdooyic

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4352 wrote to memory of 3736	4352	rundll32.exe	82
PID 4352 wrote to memory of 3736	4352	rundll32.exe	82
PID 4352 wrote to memory of 3736	4352	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f5c8fd7098c04940c55db4e096a4c98_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f5c8fd7098c04940c55db4e096a4c98_JaffaCakes118.dll,#1
  2⤵
  PID:3736