010f43a3265bb2657e60475f467403a5221d385b1dd64e64c3c7bcece094c964

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 02:26

Target

5a16aeff63726352a954b6c10a9831f9_JaffaCakes118.dll
Size

159KB
MD5

5a16aeff63726352a954b6c10a9831f9
SHA1

420a6cc2a1a2b32edaf01d9b8e40bb98c2080718
SHA256

010f43a3265bb2657e60475f467403a5221d385b1dd64e64c3c7bcece094c964
SHA512

2472f8c051a29dc6f63bc4a733cdcccbc30b92ba69be465c6bf64e0899e537b1b25fd5d726d2aca16255a8be8d3554d2cc1857661de188fb1d86377981c49aea
SSDEEP

3072:cCaVbFCubeuTmDkESmP6Y0Dv0DzxOpyveIn0C2cJaJFs0r9gkJKqDm+TAnBRjvt:cChua2mowzwA0C2ckJ4f+iBRjv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 3460	1252	rundll32.exe	84
PID 1252 wrote to memory of 3460	1252	rundll32.exe	84
PID 1252 wrote to memory of 3460	1252	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a16aeff63726352a954b6c10a9831f9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a16aeff63726352a954b6c10a9831f9_JaffaCakes118.dll,#1
  2⤵
  PID:3460