504e9d978c66600239c539ef0c27f33ea4f4bf542bbd0315f413235404b22044

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2024, 12:12

Target

ed6540227da5e278dcfd9fea10c0522c_JaffaCakes118.dll
Size

118KB
MD5

ed6540227da5e278dcfd9fea10c0522c
SHA1

5b0f0a2d9c280e53ed390136ff93e26c18726ab2
SHA256

504e9d978c66600239c539ef0c27f33ea4f4bf542bbd0315f413235404b22044
SHA512

1e9e5cf0bc16da09d8fa488f4c67c242b3ae26d4a504e11ef228d070a48dc0d1caafc85d6d30536a7ea3e25f983530b1122fd231ba3bb7827f29fe07322ced2d
SSDEEP

3072:U5JNakHH76tjEov/IxweCrf7oTijyfULmdbEo7jI81F:U5Dakygov/eweuIay8LmNBIC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 3524	740	rundll32.exe	82
PID 740 wrote to memory of 3524	740	rundll32.exe	82
PID 740 wrote to memory of 3524	740	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6540227da5e278dcfd9fea10c0522c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed6540227da5e278dcfd9fea10c0522c_JaffaCakes118.dll,#1
  2⤵
  PID:3524

memory/3524-0-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download
memory/3524-1-0x00000000007A0000-0x00000000007AA000-memory.dmp

Filesize
40KB

Download