10d1f6422de09f143ea702330a0b753a0dbbcfee8f921c8a697d0b5f2e8ee370

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 18:07

Target

087f0b7f7163f18057e26e6ca5faa0e6_JaffaCakes118.dll
Size

22KB
MD5

087f0b7f7163f18057e26e6ca5faa0e6
SHA1

44925806416e7b9ab8882d73855933222f7d3989
SHA256

10d1f6422de09f143ea702330a0b753a0dbbcfee8f921c8a697d0b5f2e8ee370
SHA512

1520a8c930e9fe1f3448cb405dd8601628b5f8ee21205fc3cd0003a9d3538dc1cd249f7fb85a90a3cac6c5bb1c19603f60b23075452c1552773db77a9fd42600
SSDEEP

384:4aUxz0CnMhqd+1bV5Qe+sWtAteFe5PjyzT1QyA7u9WMFab/EhZAzP1/:9RCnkqdS55Qh/ysQPuzT15Ls/EhG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 3808	1540	rundll32.exe	81
PID 1540 wrote to memory of 3808	1540	rundll32.exe	81
PID 1540 wrote to memory of 3808	1540	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\087f0b7f7163f18057e26e6ca5faa0e6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\087f0b7f7163f18057e26e6ca5faa0e6_JaffaCakes118.dll,#1
  2⤵
  PID:3808

memory/3808-0-0x0000000000900000-0x000000000090C000-memory.dmp

Filesize
48KB

Download