1fd9a2309c5c7b312feab3ff48b38909331b4c9ebdc0aeba1af1f47c99ac8f54

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 08:14

Target

48f3d7483cb83b5b5836ef9dece05d2f_JaffaCakes118.dll
Size

188KB
MD5

48f3d7483cb83b5b5836ef9dece05d2f
SHA1

2f944d499f2eb98269d5f27157ed9192e34a7176
SHA256

1fd9a2309c5c7b312feab3ff48b38909331b4c9ebdc0aeba1af1f47c99ac8f54
SHA512

848a250d63936998d21bcd29c67820476516641705844d63dbe4cd3016236a9ab59b1e224b3808d52122102cffdb0b8072e011d8f30a424c0c02821686d1cb59
SSDEEP

3072:+qT7flt/Z5W+nMX6V9BbEIBcbwx34zgKYsjMpPFhYFLH6zRHdWCE5joNb0A1g4Uz:Vlt/H1MXQ7waccxozgKYsjCthYFLHikf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 4156	1820	rundll32.exe	83
PID 1820 wrote to memory of 4156	1820	rundll32.exe	83
PID 1820 wrote to memory of 4156	1820	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48f3d7483cb83b5b5836ef9dece05d2f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48f3d7483cb83b5b5836ef9dece05d2f_JaffaCakes118.dll,#1
  2⤵
  PID:4156