c3ef62942c1d4655fab202bd82575d23e0e5084dfd3b3d3a8a1933ac18c47096

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 18:54

Target

5d3c1df0b7565baef86083affc21ef4c_JaffaCakes118.dll
Size

340KB
MD5

5d3c1df0b7565baef86083affc21ef4c
SHA1

e00dac0119ad5d66bbfb9f7fa75cf524091c8d10
SHA256

c3ef62942c1d4655fab202bd82575d23e0e5084dfd3b3d3a8a1933ac18c47096
SHA512

fd8a1dd1f3b8623ebc3a50ec6a9ebd8c581624d1db58442857615055611733518607af77d7dd2416f1d144269f929aff8df1aebaeab14059c62a3973cb52d3b1
SSDEEP

3072:cvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:c206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4336	4852	rundll32.exe	84
PID 4852 wrote to memory of 4336	4852	rundll32.exe	84
PID 4852 wrote to memory of 4336	4852	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d3c1df0b7565baef86083affc21ef4c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d3c1df0b7565baef86083affc21ef4c_JaffaCakes118.dll,#1
  2⤵
  PID:4336