9333e528af1a46b542499afa3987ac2007ce3c3bdef54747c8743cd1c5ccd0a4

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 02:12

Target

3ba0178d3c867ec9bc4646c49157708c_JaffaCakes118.dll
Size

102KB
MD5

3ba0178d3c867ec9bc4646c49157708c
SHA1

6266fd2fd09b3179e6a23366a6c6dfe0ffc468f8
SHA256

9333e528af1a46b542499afa3987ac2007ce3c3bdef54747c8743cd1c5ccd0a4
SHA512

e30cba2a038984e26547ae33a932bedf648dc9fd86aa72279bea7767dcf6930edf792c57d9bb2354f09801b0bc305aa2e114912d40fb83afb8065e6e6e51f688
SSDEEP

3072:AFxRn0jC0/5ckKmb9tRS9+q69gtT6+G0B+:exx0jTKC1ScB9gtT7G0o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 4212	4732	rundll32.exe	83
PID 4732 wrote to memory of 4212	4732	rundll32.exe	83
PID 4732 wrote to memory of 4212	4732	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ba0178d3c867ec9bc4646c49157708c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ba0178d3c867ec9bc4646c49157708c_JaffaCakes118.dll,#1
  2⤵
  PID:4212