7b2ffa09cb96e0602d8467a5c889f1384331f6d7340796ae042e2685e8385ec2

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 07:18

Target

5dd28a2095e1e3d86f3ca32b48635371_JaffaCakes118.dll
Size

3.0MB
MD5

5dd28a2095e1e3d86f3ca32b48635371
SHA1

59dee452e6b25d2b960839f3b8f2d97ef6b946e2
SHA256

7b2ffa09cb96e0602d8467a5c889f1384331f6d7340796ae042e2685e8385ec2
SHA512

f245bbf5e9b6c01c2a839955dd89a7441e5f50313f9c1abb3aa2796078aabccfaf6aeed6eafd259b71c26c54ea51d31c9f6dcb8db0aa7668e3d7dd0d67597616
SSDEEP

24576:efPAzNPmzIAcDmzINv2QcFXHRbQHcv6lLECBqgsbGVl6AOZ6:cSn1iINv2tFXRbQHBtEKqgsbGVl6A1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3588	4796	rundll32.exe	82
PID 4796 wrote to memory of 3588	4796	rundll32.exe	82
PID 4796 wrote to memory of 3588	4796	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dd28a2095e1e3d86f3ca32b48635371_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dd28a2095e1e3d86f3ca32b48635371_JaffaCakes118.dll,#1
  2⤵
  PID:3588

memory/3588-0-0x0000000001E70000-0x000000000216A000-memory.dmp

Filesize
3.0MB

Download
memory/3588-1-0x0000000001E70000-0x000000000216A000-memory.dmp

Filesize
3.0MB

Download