12c8a5315a97f9c63846fefea7122496af58b0862a4778931e69c746ba7c5cbd

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 11:56

Target

7cdc9d8f648431e507226ef25e872b59_JaffaCakes118.dll
Size

154KB
MD5

7cdc9d8f648431e507226ef25e872b59
SHA1

0426de3a851d1c7648edb952697593e27f6eb026
SHA256

12c8a5315a97f9c63846fefea7122496af58b0862a4778931e69c746ba7c5cbd
SHA512

40c65101ea43cd4a0fa235e4975aeaaf3a36ac8f9547490c4c460f7b5d0395e4a316edc415811e5027d4030d54c2501084cfb24afd12d7d114bb6592a851234f
SSDEEP

3072:i5wm/8sMdVd0Ci+IT6yDY9WVqQZmQrzuaXQtOLBdb:77H0CV/y09WVDriUjd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 3316	2604	rundll32.exe	81
PID 2604 wrote to memory of 3316	2604	rundll32.exe	81
PID 2604 wrote to memory of 3316	2604	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cdc9d8f648431e507226ef25e872b59_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7cdc9d8f648431e507226ef25e872b59_JaffaCakes118.dll,#1
  2⤵
  PID:3316

memory/3316-0-0x0000000060A00000-0x0000000060ADA000-memory.dmp

Filesize
872KB

Download