a3c1e131849aad4583b84e8273bdd7e31cc80fcaa5fb39c25ed951aca12d84f3

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 20:59

Target

31f4c4c48199fdd299b9011c1d167786_JaffaCakes118.dll
Size

87KB
MD5

31f4c4c48199fdd299b9011c1d167786
SHA1

f5c32daec2d94da4026aa9204ce902c426fb894c
SHA256

a3c1e131849aad4583b84e8273bdd7e31cc80fcaa5fb39c25ed951aca12d84f3
SHA512

f5d0a537e851f79fb43a978a34b6bb03897666230ebc90ce8494a697215f22a6b0297101b92e837e6b977dc0fbeb7edc156d117bf9020b061e9079748b7357f7
SSDEEP

1536:gi4XFI8O4HgxxQ0k9VYzvcs3Hmfx9Kldjuv2Bsh8:g1XFIlQDkzvR3HQx9K/juv2Bsh8

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\sys32\sys32.sys	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 4516	4112	rundll32.exe	81
PID 4112 wrote to memory of 4516	4112	rundll32.exe	81
PID 4112 wrote to memory of 4516	4112	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\31f4c4c48199fdd299b9011c1d167786_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\31f4c4c48199fdd299b9011c1d167786_JaffaCakes118.dll,#1
  2⤵
  - Drops file in Drivers directory
  PID:4516