19b1a732c7794def7307ae1b23fe1b968f47b786e2a460a38a2ce1336107b140

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 22:30

Target

3f20ab2e8a00274132118d8f3438a0ed_JaffaCakes118.dll
Size

136KB
MD5

3f20ab2e8a00274132118d8f3438a0ed
SHA1

2646b6d18f07ca588445676845986cb21dda9d4c
SHA256

19b1a732c7794def7307ae1b23fe1b968f47b786e2a460a38a2ce1336107b140
SHA512

791f5527ce12c48d459715ca5aadf28a337bba0c499cf4ce72412870c503827618064f31244d018d0f0fed95dd8c56c51f253935aa9dc90cdacc52d2589b5f68
SSDEEP

3072:0yQ4SZRskUeaaZ/OlymWqno+nni1RTC9uO7logyv:0yqUkUeaaclD5WRTOygG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 3624	1188	rundll32.exe	83
PID 1188 wrote to memory of 3624	1188	rundll32.exe	83
PID 1188 wrote to memory of 3624	1188	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f20ab2e8a00274132118d8f3438a0ed_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f20ab2e8a00274132118d8f3438a0ed_JaffaCakes118.dll,#1
  2⤵
  PID:3624