91fef89d937b9a8c683d9ea6bc35cb53fb8fa0e1c65f2f997a66718f901c151e

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 07:01

Target

3c65e9813ea75b2f0d926cc775cf8e14_JaffaCakes118.dll
Size

10KB
MD5

3c65e9813ea75b2f0d926cc775cf8e14
SHA1

429e6a337bdcfa9940fa5cd2dc115de3ac614a3d
SHA256

91fef89d937b9a8c683d9ea6bc35cb53fb8fa0e1c65f2f997a66718f901c151e
SHA512

4bd3542da4a58416508a46a25703a0f40fe47c4c60b9e8b1e5072b9edb0c71469e96cae64b6559c31573a760b7fa54f12e80187f1e3e91525258bd4b894a8758
SSDEEP

192:6PCOB2aWRxqSzBzcSsTfYPzKfV1GSDEOG2tsSKsOFQ:6PQRx4S+GKd1nETS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2516	1900	rundll32.exe	83
PID 1900 wrote to memory of 2516	1900	rundll32.exe	83
PID 1900 wrote to memory of 2516	1900	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c65e9813ea75b2f0d926cc775cf8e14_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c65e9813ea75b2f0d926cc775cf8e14_JaffaCakes118.dll,#1
  2⤵
  PID:2516

memory/2516-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download