ec8179a9572c6a021ba4b1049aff043c4bbbf1151c8d8e24149c8ae8d507d710

Analysis

max time kernel
93s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 22:31

Target

3f21769100624f3bd919aeb734529ebe_JaffaCakes118.dll
Size

33KB
MD5

3f21769100624f3bd919aeb734529ebe
SHA1

067cd4476854446faea92856f8e6032069b46ece
SHA256

ec8179a9572c6a021ba4b1049aff043c4bbbf1151c8d8e24149c8ae8d507d710
SHA512

6739901fbef33a2c288b071c942b06ab5ecded9147287b248927e1795b336715ce1e7d35689ad2a251939edf11ff804df454ad2bb6ad10896ae0607277007b40
SSDEEP

768:wSn1bTS2JZHNZCyxpzm7N6X7Lfdhh5hcD/4s+pR3zmgZ:wSn1bTSypSu7LFhzC8s+pRjmO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 2836	4232	rundll32.exe	83
PID 4232 wrote to memory of 2836	4232	rundll32.exe	83
PID 4232 wrote to memory of 2836	4232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f21769100624f3bd919aeb734529ebe_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f21769100624f3bd919aeb734529ebe_JaffaCakes118.dll,#1
  2⤵
  PID:2836