f8cc2feb82fc5cd6bf40ed9c60d5d16fe61cf426f56a215e39443f0ab496d282

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 18:51

Target

f41bbd39f0be4e786f37f0335d9e2a0c_JaffaCakes118.dll
Size

15KB
MD5

f41bbd39f0be4e786f37f0335d9e2a0c
SHA1

d5c23c91377db63a71cd25c33ca98f1a69830053
SHA256

f8cc2feb82fc5cd6bf40ed9c60d5d16fe61cf426f56a215e39443f0ab496d282
SHA512

489ecab7bf313b9fe3380c71be828f65716095e7682203fe57995f545d462d2b0a0d7b7032145b0677bdb41ba792a06df8131f35b4a41b122c26bab51762f101
SSDEEP

384:axSDqRyY9pGT5SywikbuXIx3WetR0XqrZ:jY7Gd/whbBxGez0Xq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 3492	3764	rundll32.exe	85
PID 3764 wrote to memory of 3492	3764	rundll32.exe	85
PID 3764 wrote to memory of 3492	3764	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f41bbd39f0be4e786f37f0335d9e2a0c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f41bbd39f0be4e786f37f0335d9e2a0c_JaffaCakes118.dll,#1
  2⤵
  PID:3492

memory/3492-0-0x0000000001450000-0x0000000001456000-memory.dmp

Filesize
24KB

Download
memory/3492-1-0x0000000001450000-0x0000000001456000-memory.dmp

Filesize
24KB

Download