3f9e3503b9d314e7ac6caaec3de0aa56296bf491b39023e6730d6de481ec46eb

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 16:44

Target

5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118.dll
Size

144KB
MD5

5cc999a7bf8ce5139c9feb136167a232
SHA1

c004e3f3ffbe15ecdad4a9461e1c48d5e8b5d622
SHA256

3f9e3503b9d314e7ac6caaec3de0aa56296bf491b39023e6730d6de481ec46eb
SHA512

6681ebe809009a8abd67df341bf62a532cb7e9885471d57998282fb6ac54684cd62eca78ad6c1b51d1214d0978aac942c02ae5fa2954ff9a9f624c5c40f82194
SSDEEP

1536:xbBDw3LHMXuzlFCGEAIibETtW33Gn+WgRcpOFIDWpgqE8tQSnoI+4Hgz:xbBOmMcGhIy1W+NKUpgOtQSnoQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1612	956	rundll32.exe	84
PID 956 wrote to memory of 1612	956	rundll32.exe	84
PID 956 wrote to memory of 1612	956	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118.dll,#1
  2⤵
  PID:1612