51cd64260ac23d0400dd3dfa7a8ddc26cd09a0be222fe3170d7f1d8b4b32fb25

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:17

Target

031ff270b56b80006a2021f8603fd9b7_JaffaCakes118.dll
Size

40KB
MD5

031ff270b56b80006a2021f8603fd9b7
SHA1

c694b620ef45d3187e807a6d1ba81420809b5690
SHA256

51cd64260ac23d0400dd3dfa7a8ddc26cd09a0be222fe3170d7f1d8b4b32fb25
SHA512

07794f28cb4fe4b53b9e5a146155b1fabb447826233a1dde94187429f79a35fb06bc1c3493cb2d7fd156c56b434cbbaf39a97d317d29063a5a7fee2dc11de1aa
SSDEEP

768:02kgiQVPE5LDEr7kJ9Cai1BdSjxHs4GdUh9oMR6uNxIeNdhYjytf+mB:02wQVPE5L4kJ90ZKHs4GKh9rRBfdhYjK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 3892	4296	rundll32.exe	81
PID 4296 wrote to memory of 3892	4296	rundll32.exe	81
PID 4296 wrote to memory of 3892	4296	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\031ff270b56b80006a2021f8603fd9b7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\031ff270b56b80006a2021f8603fd9b7_JaffaCakes118.dll,#1
  2⤵
  PID:3892

memory/3892-1-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/3892-0-0x0000000000820000-0x0000000000850000-memory.dmp

Filesize
192KB

Download