3805829f70d5c02456a9e99c72c0a04c0ac30189f2be2a22ba70352a6e53d85e

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 16:12

Target

faac840cdbed6a7d6dcb9a4bde788f60_JaffaCakes118.dll
Size

34KB
MD5

faac840cdbed6a7d6dcb9a4bde788f60
SHA1

85f906a7b9c1bfabd3df73a30afa905d3efbe6d6
SHA256

3805829f70d5c02456a9e99c72c0a04c0ac30189f2be2a22ba70352a6e53d85e
SHA512

608f81d65f65856edb0908271b0e73499d1ee7356f923fbfe71926934e993e9ffd3807104f0ea26f9b2323e7f1065309c850e219bfa7c9ac1f6f7cc0ab075ebc
SSDEEP

768:BFNrvyFIJq5k4FC2HQUZwwrkT2q03aNVB/UulqlqK+SIyuFy/6/QCfrqsgMo:Bvvpmk1UZww02VsVB/UMqlq6uIyVzo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 5060	404	rundll32.exe	84
PID 404 wrote to memory of 5060	404	rundll32.exe	84
PID 404 wrote to memory of 5060	404	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\faac840cdbed6a7d6dcb9a4bde788f60_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\faac840cdbed6a7d6dcb9a4bde788f60_JaffaCakes118.dll,#1
  2⤵
  PID:5060

memory/5060-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/5060-1-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download