4adfba86c6bb962570cc60f18cf1712a8c31bfd12830b504143d5d1f3546f221

Analysis

max time kernel
140s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 09:37

Target

2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll
Size

110KB
MD5

2440443f861970f24b7cc95747131f4b
SHA1

7cf5ee4ed44cabd1f8e05745f6aae46c72ad99c0
SHA256

4adfba86c6bb962570cc60f18cf1712a8c31bfd12830b504143d5d1f3546f221
SHA512

b03e8ef49a51a1a098d34f8bb70391b6676f62548b995e46c36661f44500ec55d53b89aa1c1f0d4f56d48cbc612f9482344ac2b16be76f6a05711ad2bd608226
SSDEEP

3072:SiBhgqalOv2jSey+5lmrUSFURu666ws66LZp9:vBGqacbel5GOo6t66LZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3984	2988	rundll32.exe	82
PID 2988 wrote to memory of 3984	2988	rundll32.exe	82
PID 2988 wrote to memory of 3984	2988	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2440443f861970f24b7cc95747131f4b_JaffaCakes118.dll,#1
  2⤵
  PID:3984

memory/3984-1-0x0000000002200000-0x0000000002269000-memory.dmp

Filesize
420KB

Download
memory/3984-0-0x0000000002200000-0x0000000002269000-memory.dmp

Filesize
420KB

Download