c037ab2da18d422b3b22a9f9f198000e2c1f7e5c843707dfceda32dc3e38a514

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 07:46

Target

0d415becc0937dd2dbce36ad8550607f_JaffaCakes118.dll
Size

25KB
MD5

0d415becc0937dd2dbce36ad8550607f
SHA1

f20eca961495458d7511618211a4049a452c01f0
SHA256

c037ab2da18d422b3b22a9f9f198000e2c1f7e5c843707dfceda32dc3e38a514
SHA512

1accb4ba3e04e2c424c0ff89b8f0e170f21708e47e38719ca870c9fca0b69e2e4424a76f16788c5e30bb09172a29f2d6952af947e08e36e5e124f058a01c36de
SSDEEP

384:gaUxz0C+Mgqd+1pqBQe+VItZFfVwid1LEXQ4LwEEP9cqZgc0lAzoNK:1RC+lqdSwBQhWDzwid1LZOwdpTO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 3020	3532	rundll32.exe	82
PID 3532 wrote to memory of 3020	3532	rundll32.exe	82
PID 3532 wrote to memory of 3020	3532	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d415becc0937dd2dbce36ad8550607f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d415becc0937dd2dbce36ad8550607f_JaffaCakes118.dll,#1
  2⤵
  PID:3020

memory/3020-0-0x0000000000650000-0x000000000065C000-memory.dmp

Filesize
48KB

Download