5ef0e2ba35f20f8b9401aa29e689893971d591a084dd659b06ad6e349279e0e1

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 14:02

Target

252ec60966a4e249d1fecbea52519438_JaffaCakes118.dll
Size

8KB
MD5

252ec60966a4e249d1fecbea52519438
SHA1

25cb1acd8537e08bcfcb13599f4c625f58a64815
SHA256

5ef0e2ba35f20f8b9401aa29e689893971d591a084dd659b06ad6e349279e0e1
SHA512

f56f8c40c51a9ab248a9cbcd24233b2429f58f40be2e3de9a2e23a99a24779551fc9eb12f94d1a0e499147ecb653c41126e41420dc2b71664b35e08f38c0214e
SSDEEP

96:SfFHWboL8oQOedmDtPC0TQ0ZdUM/SyhGvQd2BLELziOWDgWOWq0ZJ:UF2MLJPCOQsUoSyhGvtSt50Z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 2948	3396	rundll32.exe	81
PID 3396 wrote to memory of 2948	3396	rundll32.exe	81
PID 3396 wrote to memory of 2948	3396	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\252ec60966a4e249d1fecbea52519438_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\252ec60966a4e249d1fecbea52519438_JaffaCakes118.dll,#1
  2⤵
  PID:2948

memory/2948-0-0x00000000661C0000-0x00000000661C8000-memory.dmp

Filesize
32KB

Download