ab03ff11cea8fdb40b044a6157c3ab9f3f1827ad22ef31e36b12052b9b1c1443

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 23:15

Target

3f422a9481a64daa989422d6d2b5c432_JaffaCakes118.dll
Size

41KB
MD5

3f422a9481a64daa989422d6d2b5c432
SHA1

2581c97b296f51dee2de742ee23a50e92f23310e
SHA256

ab03ff11cea8fdb40b044a6157c3ab9f3f1827ad22ef31e36b12052b9b1c1443
SHA512

6928afbe8d898a39c0cc9808b0da395c6a7de2e9b42dc2835096855e6fd98b6013130c79315ecc3727e13485b92f39bb7ac9f0ff8616f7251db526e6b3cbcb5a
SSDEEP

768:RqbpQ0nPK6ID3Gj/7Hh2+hP6kWBJRo152:RqbpQ0LIDWb7HhnhdaJRgM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 892 wrote to memory of 3260	892	rundll32.exe	83
PID 892 wrote to memory of 3260	892	rundll32.exe	83
PID 892 wrote to memory of 3260	892	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f422a9481a64daa989422d6d2b5c432_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f422a9481a64daa989422d6d2b5c432_JaffaCakes118.dll,#1
  2⤵
  PID:3260