dcadcc285e7262d2f9f138e7c3ff0fa1ceca1d06d9e15c151f38eaa4f0a60eed

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 17:31

Target

fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll
Size

116KB
MD5

fad05b29cb610145e6b83e781e4eb044
SHA1

ef7ad0f593d38ef93111b289b5e3537a5227dde5
SHA256

dcadcc285e7262d2f9f138e7c3ff0fa1ceca1d06d9e15c151f38eaa4f0a60eed
SHA512

2f77d320f5f38e820dfc29da9b977447f6809c840c33fbed3d11ce46c96d520e64789ce6b35978b375b3cf1711dd2644b8142c72a07874afcfa0d57f2a0875ea
SSDEEP

1536:qcU+ec3KbmYT3R1vS42Tne/xRjvlZagwM3HD:qN+ec3KbmYbPV2TnephvlZagf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2804 wrote to memory of 3924	2804	rundll32.exe	rundll32.exe
PID 2804 wrote to memory of 3924	2804	rundll32.exe	rundll32.exe
PID 2804 wrote to memory of 3924	2804	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2804

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fad05b29cb610145e6b83e781e4eb044_JaffaCakes118.dll,#1
2⤵
PID:3924

memory/3924-0-0x00000000005F0000-0x00000000005F9000-memory.dmp

Filesize
36KB

Download