91108fc5a2bc186dc5fe2efbbee2006087f81cf6a6a2490256223fb947e358d8

Analysis

max time kernel
139s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 01:09

Target

0bb4a66a7e480fab13bb5af1cea7cd42_JaffaCakes118.dll
Size

61KB
MD5

0bb4a66a7e480fab13bb5af1cea7cd42
SHA1

53a86e71bb62613914d17eeae927d7731de9045c
SHA256

91108fc5a2bc186dc5fe2efbbee2006087f81cf6a6a2490256223fb947e358d8
SHA512

69a9b9d3871173d1d2df65e2b2eb828b81ecdedc100508615b48f6502d24c9507d44ecf4abd08ef511098be65477d385bbacc0afae9a0ae426244069c55b88e0
SSDEEP

1536:BfQAl+7ovObY2TDhlkXWf8Pme2RFxzQNup1yxd5VUu1d:dQAl+pbY2TD7kmkrYzQuzAf+Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3280	4372	rundll32.exe	83
PID 4372 wrote to memory of 3280	4372	rundll32.exe	83
PID 4372 wrote to memory of 3280	4372	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bb4a66a7e480fab13bb5af1cea7cd42_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bb4a66a7e480fab13bb5af1cea7cd42_JaffaCakes118.dll,#1
  2⤵
  PID:3280

memory/3280-1-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/3280-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download