5137c584d4f1a5caf62f8c003c131107bbc181a14cf7f625485123313a77ea12

Analysis

max time kernel
92s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 05:19

Target

f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll
Size

54KB
MD5

f996e58393da72d1d54124e1f98f375b
SHA1

df99b5a0d59f5e21dacc20bf1a6b1a157a55dfbc
SHA256

5137c584d4f1a5caf62f8c003c131107bbc181a14cf7f625485123313a77ea12
SHA512

53da512375058455821e2c31820caab2c9d158b27e0fdfd44746939d0f5bbe4f2feed3143584c94c58d42f1019d0f965b6d7e5ac3737a9f97527cc2a6f107157
SSDEEP

768:dni4Qe1vZl2qsmjZ92C1wp2J14wzyqG6J7wIPnLNuiaIyasi8rR:smf8+juoG2J14wFG6RFPLQIya4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1140 wrote to memory of 2760	1140	rundll32.exe	rundll32.exe
PID 1140 wrote to memory of 2760	1140	rundll32.exe	rundll32.exe
PID 1140 wrote to memory of 2760	1140	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f996e58393da72d1d54124e1f98f375b_JaffaCakes118.dll,#1
2⤵
PID:2760

memory/2760-0-0x00000000029A0000-0x00000000029A9000-memory.dmp

Filesize
36KB

Download