a089603ad6aa0845830f89cf6cc678ab44ab3743cc64bf616de0c447ad445cfc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 03:17

Target

3ffa35d630703afb63fc0781c703f8de_JaffaCakes118.dll
Size

92KB
MD5

3ffa35d630703afb63fc0781c703f8de
SHA1

211b779da3b663dbb99b6896d7f62051becec2fa
SHA256

a089603ad6aa0845830f89cf6cc678ab44ab3743cc64bf616de0c447ad445cfc
SHA512

6a74de693550169d95ad2d6969959e72962ac79b044e9ba1173c0c5acbd2b20dcd33a991fa33e38d3b03dd8b38d548ba2a1eac74e81117e4e47b61effad7ecee
SSDEEP

1536:4tBPkuSu6dBbnIRzMm7fPaGF0ybPoScz/b+vnE5CdP2d+Dms:yB8zDjnItMmbPaCxcTz+vnE58Ys

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 632	2292	rundll32.exe	83
PID 2292 wrote to memory of 632	2292	rundll32.exe	83
PID 2292 wrote to memory of 632	2292	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffa35d630703afb63fc0781c703f8de_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ffa35d630703afb63fc0781c703f8de_JaffaCakes118.dll,#1
  2⤵
  PID:632