f79f73045a3c8c096ca6275fb72c5e5f1ca449e27a623ffd54cf675972bcb9c5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:19

Target

03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll
Size

11KB
MD5

03c0ab7de9d34a512ec128fce27277f9
SHA1

92e53fe59813595aeb6834a0d15bf2ea80f41d6d
SHA256

f79f73045a3c8c096ca6275fb72c5e5f1ca449e27a623ffd54cf675972bcb9c5
SHA512

07d302051edb6dc60fb1abecb5bbf9e261e9fbfd54abf9c074ca100123a00b31031627925a5e6619f656a0ce44ac24da2a6b1b8c720e721f588f6189386642f5
SSDEEP

192:PRuQHUj/++h5nqNMyIy49sF4A7lVlt3G4SDqr8Rcr98UYp:purjxXnqcT9sF7n3GzDHR8TYp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 240 wrote to memory of 248	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 248	240	rundll32.exe	rundll32.exe
PID 240 wrote to memory of 248	240	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:240

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03c0ab7de9d34a512ec128fce27277f9_JaffaCakes118.dll,#1
2⤵
PID:248

memory/248-0-0x0000000061700000-0x000000006170F000-memory.dmp

Filesize
60KB

Download