9104cdf25bd9fc2178440f7d67e46dcaf5ebf9dcdfad6a45135bc5dc2b5aa696

Analysis

max time kernel
131s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 07:15

Target

6db6ab5a9ad41c41852965e8e26bb078_JaffaCakes118.dll
Size

218KB
MD5

6db6ab5a9ad41c41852965e8e26bb078
SHA1

df8bc0b342e3459145d422c52e5dfb21cfb869d0
SHA256

9104cdf25bd9fc2178440f7d67e46dcaf5ebf9dcdfad6a45135bc5dc2b5aa696
SHA512

17722eb50b0700d28de4e562f8db433251b46a57166f01ba79aba775c102db397ecdeaaab3e56d26d78acce791701835cb4cb7beb278cfbf003599fea07a49d1
SSDEEP

6144:TgEBgbj0sFdZdpAyUURuAWgGSQLXeZLUlmqAeoRw:Tu/0mbUy5Uh+U

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3492 wrote to memory of 2956	3492	rundll32.exe	82
PID 3492 wrote to memory of 2956	3492	rundll32.exe	82
PID 3492 wrote to memory of 2956	3492	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6db6ab5a9ad41c41852965e8e26bb078_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6db6ab5a9ad41c41852965e8e26bb078_JaffaCakes118.dll,#1
  2⤵
  PID:2956

memory/2956-0-0x0000000010000000-0x0000000010089000-memory.dmp

Filesize
548KB

Download