6264ff4b5cf185360a06fbc9f1297da8a228afe2534f5dbc48ecac7163067d95

Analysis

max time kernel
140s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 22:14

Target

21f28212aa1d77ea0cd886d7be387bad_JaffaCakes118.dll
Size

10.2MB
MD5

21f28212aa1d77ea0cd886d7be387bad
SHA1

1a73ab01ffeb2b597df94c93bc895021151b8197
SHA256

6264ff4b5cf185360a06fbc9f1297da8a228afe2534f5dbc48ecac7163067d95
SHA512

0544784d475194ee2bf9eceb4aee190debf35d07c8dba1955a6e912d207366e6a1ae463a08ba7e79d973e88d44950b973b4ad80cced69d1c1ee4ceda4b466138
SSDEEP

98304:TC+l8NWii+2eHVijFNjv34NAjriHNRrsIPYOx6qbHkciAUz5eylK7/iAXflijzJk:TCyDe1ITjwNAfitR4IxnU5ey4Xf6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 372	1496	rundll32.exe	84
PID 1496 wrote to memory of 372	1496	rundll32.exe	84
PID 1496 wrote to memory of 372	1496	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21f28212aa1d77ea0cd886d7be387bad_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21f28212aa1d77ea0cd886d7be387bad_JaffaCakes118.dll,#1
  2⤵
  PID:372

memory/372-0-0x0000000002660000-0x00000000030BD000-memory.dmp

Filesize
10.4MB

Download
memory/372-1-0x0000000002660000-0x00000000030BD000-memory.dmp

Filesize
10.4MB

Download