fe4118858826fde0ccf03f1adf33b146561704d92448bbca6a5361d03acad516

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:18

Target

0322aaf9a3af6a6a904278f1e86ead99_JaffaCakes118.dll
Size

11KB
MD5

0322aaf9a3af6a6a904278f1e86ead99
SHA1

27d71dd086fd9d18f8b11462a62babc72074f76b
SHA256

fe4118858826fde0ccf03f1adf33b146561704d92448bbca6a5361d03acad516
SHA512

3ef6a2c21b6deded1341d5066237c19a9e28f9148d65adf6bd648bf14046b0b9c50d04c323c2d2861297e6df5d637872117a147d12720307ea4c284e5a1bed41
SSDEEP

192:clVYqtMsqWtnlcPvvBvc+vUJ5R75OHsqlMfSKg7M7W6yR4tKn1Su1tkgUw9+:OMtASv5DV/r5624t6lUR

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 336	3744	rundll32.exe	81
PID 3744 wrote to memory of 336	3744	rundll32.exe	81
PID 3744 wrote to memory of 336	3744	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0322aaf9a3af6a6a904278f1e86ead99_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0322aaf9a3af6a6a904278f1e86ead99_JaffaCakes118.dll,#1
  2⤵
  PID:336

memory/336-2-0x0000000025000000-0x0000000025019000-memory.dmp

Filesize
100KB

Download