96730575788d24a5abe951cb88b7f2add829e028369d5edfec3918c801190226

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 02:17

Target

f275e871a6e01e7827ab89b8dffd264a_JaffaCakes118.dll
Size

10KB
MD5

f275e871a6e01e7827ab89b8dffd264a
SHA1

d18e1c570f3b06feaef0030d57297c464027f73d
SHA256

96730575788d24a5abe951cb88b7f2add829e028369d5edfec3918c801190226
SHA512

5c8418528fc40341c2dff85be1a8760929458e06fde592d0f4891f59572e3a6466fb93138d4701eed83ba0d9b8685ab3ef1041141a49320e3689c79b714889a1
SSDEEP

192:UpLleet2t6GdmOhOCCK0Beo7o09vbP7sbE0IwF8hFwOISxerRkgUw9:8LlBwZQZK0B5FbP4XIpvtIfre

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 460	3452	rundll32.exe	83
PID 3452 wrote to memory of 460	3452	rundll32.exe	83
PID 3452 wrote to memory of 460	3452	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f275e871a6e01e7827ab89b8dffd264a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f275e871a6e01e7827ab89b8dffd264a_JaffaCakes118.dll,#1
  2⤵
  PID:460

memory/460-0-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download