c177d55025369d9f77ed441aa31fe96e3c06a4557ef94e2e63b26757b2db72f1

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 11:00

Target

fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll
Size

84KB
MD5

fc9b8ef801fa8535c91991dcc97383b6
SHA1

45d82f3a6fa8862a64da8552a6f7ca921ecd02f9
SHA256

c177d55025369d9f77ed441aa31fe96e3c06a4557ef94e2e63b26757b2db72f1
SHA512

bfd8e627159891bc8369236350d75ec02d64cb83d0a6c4df492b0d8e93777356bef1850504a8250fb8692f9b5db272df32d779242aa4ee812d42714071bb3c6f
SSDEEP

1536:vHEkhVjF6SR6r/ISOraiKj6k/v8Vui9moz7DALpBoT1:vHEkhVjF96b0oj6kcVdcE7D8c1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3476 wrote to memory of 1332	3476	rundll32.exe	rundll32.exe
PID 3476 wrote to memory of 1332	3476	rundll32.exe	rundll32.exe
PID 3476 wrote to memory of 1332	3476	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3476

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc9b8ef801fa8535c91991dcc97383b6_JaffaCakes118.dll,#1
2⤵
PID:1332

memory/1332-0-0x0000000000EB0000-0x0000000000EB9000-memory.dmp

Filesize
36KB

Download