2cd7d4c496c15937e7c0980ffb15d0dc0e48e5c5ea42e3fbdaa841de0da76dbf

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 16:26

Target

07b8f9253acc3375c6f624ae9b108869_JaffaCakes118.dll
Size

14KB
MD5

07b8f9253acc3375c6f624ae9b108869
SHA1

fcf3f3298e4429b53d8c6035112fd9de8ed25796
SHA256

2cd7d4c496c15937e7c0980ffb15d0dc0e48e5c5ea42e3fbdaa841de0da76dbf
SHA512

60904d440cc4e5d0b17b2224ee369680a377b1f55fbd6e33c2e54321a5baccd0c5d4b1bfcc309bb53815460ec46e965a113be2fbdfe3dd178b3474e226a9d43a
SSDEEP

384:uSLXbMbOIyzhCIeeAHv815oJnhlwutXcrVQV5l:uSLXIEzdDno1hlwAXcrVw

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
652	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4268	3448	rundll32.exe	81
PID 3448 wrote to memory of 4268	3448	rundll32.exe	81
PID 3448 wrote to memory of 4268	3448	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b8f9253acc3375c6f624ae9b108869_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07b8f9253acc3375c6f624ae9b108869_JaffaCakes118.dll,#1
  2⤵
  PID:4268

memory/4268-0-0x0000000025000000-0x000000002501D000-memory.dmp

Filesize
116KB

Download