f5f48529945ba616c16df700fd054f1868976d3166c1953d802f95cae93d4a91

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2024 06:24

Target

3808dfe3c6f3a05bb92393cf6667a272_JaffaCakes118.dll
Size

32KB
MD5

3808dfe3c6f3a05bb92393cf6667a272
SHA1

e033919b38ffcd3ff39d4a8a8f2f56b1b2eb7776
SHA256

f5f48529945ba616c16df700fd054f1868976d3166c1953d802f95cae93d4a91
SHA512

c3242873877b6a9c2eac49597036c2ac9a10405b0f495540f4743ccba7c3f3b0ba28af19a1a2c5a75c1e0cbae166a846d70798949776d928a52a1fd37fe18f2e
SSDEEP

768:lDO45fBwQ5nbTTNzj77FbX2ItOA8RH9HX:lj5f5TBT7FbXViRd3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 3908	4800	rundll32.exe	83
PID 4800 wrote to memory of 3908	4800	rundll32.exe	83
PID 4800 wrote to memory of 3908	4800	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3808dfe3c6f3a05bb92393cf6667a272_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3808dfe3c6f3a05bb92393cf6667a272_JaffaCakes118.dll,#1
  2⤵
  PID:3908