0859a888829a37a3a79cf10573ded97355a13eec17606758c38a8f845b9cee09

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 03:44

Target

3be02976aa09b1086be9ed45c68bc88a_JaffaCakes118.dll
Size

340KB
MD5

3be02976aa09b1086be9ed45c68bc88a
SHA1

12c98d82f1a8fa640f09fdb30b9bb8734637b389
SHA256

0859a888829a37a3a79cf10573ded97355a13eec17606758c38a8f845b9cee09
SHA512

d8a976ddbec66d3d631f2267e5448c11112eb7b087117dd32e2bf07315336c15e6e97fe5009aa75cde0429929f2314daf4933560e20ff62a8ae2d9643bcd7311
SSDEEP

3072:uvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:u206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 2816	3184	rundll32.exe	83
PID 3184 wrote to memory of 2816	3184	rundll32.exe	83
PID 3184 wrote to memory of 2816	3184	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3be02976aa09b1086be9ed45c68bc88a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3be02976aa09b1086be9ed45c68bc88a_JaffaCakes118.dll,#1
  2⤵
  PID:2816