9951b6a62771c754a0766fa2a1deff85e4783f8fabd181026665bf09554e3374

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 16:25

Target

0993e1ec2882c382850e19a00ba3ab48_JaffaCakes118.dll
Size

203KB
MD5

0993e1ec2882c382850e19a00ba3ab48
SHA1

9074f1ee3d18f0e0794c73ef9c8ca91a9f4f71d9
SHA256

9951b6a62771c754a0766fa2a1deff85e4783f8fabd181026665bf09554e3374
SHA512

c0759c7238ff8a6f29d222a767edc861095b44bc6d5b9f895a4f662d3391c3754c1ee35b98d7cf929082802c0375885d8d8a4fd770d6545186e7b65c6c955546
SSDEEP

3072:9B/Clx1CpY5K4OtAOl8IyYn6qCqvEP/jawuZ0S6kA6GAQiATtw6uwx38YAy2y0hn:X/iOtAphYn6d/ed0SRdATt3XMoDEnEY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 4220	1332	rundll32.exe	80
PID 1332 wrote to memory of 4220	1332	rundll32.exe	80
PID 1332 wrote to memory of 4220	1332	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0993e1ec2882c382850e19a00ba3ab48_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0993e1ec2882c382850e19a00ba3ab48_JaffaCakes118.dll,#1
  2⤵
  PID:4220

memory/4220-0-0x0000000010000000-0x0000000010036000-memory.dmp

Filesize
216KB

Download