16b90a2a33eb0ee77808dc95ba87fc08f8b76ca4c4cbfdfc2ec65121f0b2c654

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
19-05-2024 05:12

Target

58b71252bf2d489141518620d297be2a_JaffaCakes118.dll
Size

378KB
MD5

58b71252bf2d489141518620d297be2a
SHA1

a7f554a1b9fba7880ba80f3138a2e31aab899263
SHA256

16b90a2a33eb0ee77808dc95ba87fc08f8b76ca4c4cbfdfc2ec65121f0b2c654
SHA512

90ef7413a3158d1ea2a150cd333d234c8b247c7d1698950a62f1d4df89342d953a679bd30172119bab7e8b9c8f5ea8c521c8dc7c22dc46d6741465e504f76c4b
SSDEEP

6144:KojzIWmeMy+048lqjO4vGTCraVmZgmfLaafxChizK6VWxtoloBj5rbx:KojsWKy+KlqC4+WrumfXfxxvVJ6Bj5r1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4960 wrote to memory of 3412	4960	rundll32.exe	rundll32.exe
PID 4960 wrote to memory of 3412	4960	rundll32.exe	rundll32.exe
PID 4960 wrote to memory of 3412	4960	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b71252bf2d489141518620d297be2a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4960

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58b71252bf2d489141518620d297be2a_JaffaCakes118.dll,#1
2⤵
PID:3412

memory/3412-0-0x0000000000CC0000-0x0000000000CE8000-memory.dmp

Filesize
160KB

Download
memory/3412-1-0x0000000002670000-0x0000000002699000-memory.dmp

Filesize
164KB

Download