0c40638488d61c0571dfa72b0e43e690e44caa1f8b061e288a6e1304b5246977

Analysis

max time kernel
147s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 18:57

Target

f88f2715f21c265c02c6ebdf1cd0728d_JaffaCakes118.dll
Size

50KB
MD5

f88f2715f21c265c02c6ebdf1cd0728d
SHA1

80437b13999322d34938e0f4d4f9e9ec5e769299
SHA256

0c40638488d61c0571dfa72b0e43e690e44caa1f8b061e288a6e1304b5246977
SHA512

b8406c125f8a82abd8c6b1a4c8753122d867dfd3f0352d279b87061083f0c7ba20c8b3a7d19bebe51afa3e56e7d93ac489271ad1552d697b590ecdf47b708edb
SSDEEP

768:s2mKiJzFSyiQa47c6ZtOJM0TXPnndyjugJoYcREc4F84pjVFWF7G9GbVRVOx+4D2:s2liuhkOJRTnndybMEc4F84dW2GNO1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 1676	2084	rundll32.exe	83
PID 2084 wrote to memory of 1676	2084	rundll32.exe	83
PID 2084 wrote to memory of 1676	2084	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f88f2715f21c265c02c6ebdf1cd0728d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f88f2715f21c265c02c6ebdf1cd0728d_JaffaCakes118.dll,#1
  2⤵
  PID:1676

memory/1676-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download