52ec5293830b248fe7d1cc0ce8f6e8c8969465b1e71f887128bff576de92e78e

Analysis

max time kernel
85s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 03:07

Target

f28b574bdacc3a121018c5085992c7a5_JaffaCakes118.dll
Size

124KB
MD5

f28b574bdacc3a121018c5085992c7a5
SHA1

3d1eeabce3218b48c09f730e4fd91b79f46a9b16
SHA256

52ec5293830b248fe7d1cc0ce8f6e8c8969465b1e71f887128bff576de92e78e
SHA512

744cc73b9b1662c6321a854afca4721f4cc9da7328c87076b7b56c7db967901e160eda71dd53308b6efabcaac809aa60d99c7577b97c0417ea192207fd44caa5
SSDEEP

3072:HXxOeUTg7o0HEVhkPK7HmyZ94DpLrJrVY3jfwjlhSv9nrPOD:BbUT10LPKwJCjfw+RPOD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 1508	2884	rundll32.exe	84
PID 2884 wrote to memory of 1508	2884	rundll32.exe	84
PID 2884 wrote to memory of 1508	2884	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f28b574bdacc3a121018c5085992c7a5_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f28b574bdacc3a121018c5085992c7a5_JaffaCakes118.dll,#1
  2⤵
  PID:1508

memory/1508-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/1508-2-0x0000000000DF0000-0x0000000000DFA000-memory.dmp

Filesize
40KB

Download
memory/1508-1-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download