88c0283df5243e576e998d93b721e638056de973e6c072d5600aef1cfa1c9e6e

Analysis

max time kernel
141s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 17:49

Target

085bc0a2df6bb8677f53bc0ffbdbdea8_JaffaCakes118.dll
Size

80KB
MD5

085bc0a2df6bb8677f53bc0ffbdbdea8
SHA1

a5405d6d90140b32a2e47ed6d890e10293294c6e
SHA256

88c0283df5243e576e998d93b721e638056de973e6c072d5600aef1cfa1c9e6e
SHA512

39017ded2f0108fd3e06fb2db12015909cc72e62d97a50722324e6ef3a21a2916661e0955f388df22969d3d67b0196ebd6c56e6a59e8e52acc6c2f36ba7f90d7
SSDEEP

768:zvSByGM6CKHwsTHcI11OrZKPdSMWdveSmrBUI8Bod+yxbMqEXpMpvQLUiLpoYG8f:W/MaJiMVkdGSuBiM+8iLUQiWEwiXxjK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4996	1456	rundll32.exe	83
PID 1456 wrote to memory of 4996	1456	rundll32.exe	83
PID 1456 wrote to memory of 4996	1456	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\085bc0a2df6bb8677f53bc0ffbdbdea8_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\085bc0a2df6bb8677f53bc0ffbdbdea8_JaffaCakes118.dll,#1
  2⤵
  PID:4996

memory/4996-3-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/4996-1-0x0000000001560000-0x000000000156A000-memory.dmp

Filesize
40KB

Download