3e5e91277d6b23908e30cbeefc82e9b6ce617c2bdc107cfb9f10932eb19e3002

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 03:03

Target

3fefea240495e487c30358c1e7d43660_JaffaCakes118.dll
Size

29KB
MD5

3fefea240495e487c30358c1e7d43660
SHA1

6b346160b69b817bc21c4eab952c1942f08bc745
SHA256

3e5e91277d6b23908e30cbeefc82e9b6ce617c2bdc107cfb9f10932eb19e3002
SHA512

d73d178defa81088d5fa1b024e2ce1f30912e74f8be4bf931fb4f40dd5922d43b4337f07a4966e76593112c03788dcaccfb75d3a5e505ed6020c780d6493f45a
SSDEEP

768:jzk6QG5io/SQen0Q+czDrJDcYVwl6I5VtXRg:jzLFT7HurJCX3tXRg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1456	1400	rundll32.exe	86
PID 1400 wrote to memory of 1456	1400	rundll32.exe	86
PID 1400 wrote to memory of 1456	1400	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fefea240495e487c30358c1e7d43660_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fefea240495e487c30358c1e7d43660_JaffaCakes118.dll,#1
  2⤵
  PID:1456