9f3bf80b05ffa576c1009ec6e91eab82ca01eb46a82f9105f81b3db587a5195e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 03:38

Target

37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll
Size

187KB
MD5

37918f717d1e234ceaa8715d615054d0
SHA1

17fda5fca96cee14ac008d6b546a6c91dd3ae59e
SHA256

9f3bf80b05ffa576c1009ec6e91eab82ca01eb46a82f9105f81b3db587a5195e
SHA512

d5d733345c23575eb4adad88db4b650c363b01622d80dcbe64d55087d8cd9f9fcd6a3b510f3bfa449ddd54f068487249a1c073fac6bfda58c9b6601c850049dd
SSDEEP

3072:5/NrMHpfUkW+AvBMG6G38ZIVOd42ne/X9PsYVcAdOHU5VFWc:ZdMJ8kW+AvBMG6G38m4T+9P1rdLrFWc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 5064	4536	rundll32.exe	82
PID 4536 wrote to memory of 5064	4536	rundll32.exe	82
PID 4536 wrote to memory of 5064	4536	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37918f717d1e234ceaa8715d615054d0_JaffaCakes118.dll,#1
  2⤵
  PID:5064