d92758a8703e65960c14c59e272247e9d364058013c99529f3fe732129eafb4e

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 17:07

Target

3e2cdda4d16a2833075d055085d2f307_JaffaCakes118.dll
Size

159KB
MD5

3e2cdda4d16a2833075d055085d2f307
SHA1

fd9fb3591743457cb4e71c4b6fd638b8d62acb76
SHA256

d92758a8703e65960c14c59e272247e9d364058013c99529f3fe732129eafb4e
SHA512

af0d319f0ff9c56c3d3f835c296b75933da66784579624b43bf91306ec12e873c0ce5b94d11415b804e87ea60cc76436ac93b2103ed4f39b8c64ff1600a73f15
SSDEEP

3072:5/NrMHpfUkW+AvBMG6G38ZIVOd42ne/X9z71rm:ZdMJ8kW+AvBMG6G38m4T+9zBrm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 3548	3960	rundll32.exe	83
PID 3960 wrote to memory of 3548	3960	rundll32.exe	83
PID 3960 wrote to memory of 3548	3960	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2cdda4d16a2833075d055085d2f307_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e2cdda4d16a2833075d055085d2f307_JaffaCakes118.dll,#1
  2⤵
  PID:3548