9ec84e534557627d1f13bd278aa399cfd21f6d97763c9900736e401b34253a80

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 14:08

Target

06ae8dc37a60e4b5395509620311ef5b_JaffaCakes118.dll
Size

8KB
MD5

06ae8dc37a60e4b5395509620311ef5b
SHA1

79a6c31263ea58ffafb58c02fff278f4f0612ba9
SHA256

9ec84e534557627d1f13bd278aa399cfd21f6d97763c9900736e401b34253a80
SHA512

9bbd20953a34399ec862ed2ab937af4a5eeec1a8ecb93c638b015a82939a8d7b3c494468b0edf33badd64a67f4672814cc0eb06809da6f8666f6f92f2b975c93
SSDEEP

192:JhpxJ8rBlddxpArdVRBx95wfTs6AdagMXqD9cWM3mxqDDkgUw97:JhbJ8rJd6RtcTsnLMXq5cWMLDcQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 4492	1504	rundll32.exe	83
PID 1504 wrote to memory of 4492	1504	rundll32.exe	83
PID 1504 wrote to memory of 4492	1504	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae8dc37a60e4b5395509620311ef5b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06ae8dc37a60e4b5395509620311ef5b_JaffaCakes118.dll,#1
  2⤵
  PID:4492

memory/4492-0-0x0000000025000000-0x0000000025037000-memory.dmp

Filesize
220KB

Download