1e1a950d71c49f063c775917864d4c2db3b7cce2ec94acd7dd9648083f50d946

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 11:17

Target

3d27a1ee514a1659b30e7ef0117d2555_JaffaCakes118.dll
Size

34KB
MD5

3d27a1ee514a1659b30e7ef0117d2555
SHA1

e9daadbdae5ec72897a5fd0f1f1cb7a2aefbee6a
SHA256

1e1a950d71c49f063c775917864d4c2db3b7cce2ec94acd7dd9648083f50d946
SHA512

122d7d86a1948b32ea020b5e3fbd6436f3a7cc2eb694e5ed0298621f9b426bfc0385c1dc93ca8b0350da3652f0fb65fc4e2af24e887cdab2ffec6e6f4d2326b9
SSDEEP

768:PpFCXEL6Chde6ZU2DKeEbJP7owLdiHNiO8hsKdR/DOf:PpFBLfhAyHKeg7owLE0XsKdRG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3328	2256	rundll32.exe	83
PID 2256 wrote to memory of 3328	2256	rundll32.exe	83
PID 2256 wrote to memory of 3328	2256	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d27a1ee514a1659b30e7ef0117d2555_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d27a1ee514a1659b30e7ef0117d2555_JaffaCakes118.dll,#1
  2⤵
  PID:3328