3e29e8aac6d91784a504f587729deca0c68aba3565f0e0732e01eabe06f3c4b1

Analysis

max time kernel
142s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 18:47

Target

35f17bff472770829a9c887e755b873c_JaffaCakes118.dll
Size

783KB
MD5

35f17bff472770829a9c887e755b873c
SHA1

6aa4e84319d1c244dd1ed31b2ef72c5b99664271
SHA256

3e29e8aac6d91784a504f587729deca0c68aba3565f0e0732e01eabe06f3c4b1
SHA512

4bf4c2c4b38527a4feeff163bdc82675244f5b0eec1b39bd928862c8fd30ef9129e6fc70005f1020dade18cda13002cf8a69a8d32db0fb5a2b444850f6e810fb
SSDEEP

12288:1pix6X9+b7Kvn+u+3Vut8vSVc0dvsIaBMnWGCbFh6j:fYrb7KP8kWsvsI+6eRm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5332 wrote to memory of 5280	5332	rundll32.exe	82
PID 5332 wrote to memory of 5280	5332	rundll32.exe	82
PID 5332 wrote to memory of 5280	5332	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35f17bff472770829a9c887e755b873c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35f17bff472770829a9c887e755b873c_JaffaCakes118.dll,#1
  2⤵
  PID:5280