3f115087fd30341f14d34de8f175319a11fea91ee09576c288fa00c11500d455

Analysis

max time kernel
120s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 18:30

Target

0f18e22683f0971d13269586299e1292_JaffaCakes118.dll
Size

4KB
MD5

0f18e22683f0971d13269586299e1292
SHA1

bdfb48a791ed175f8af799a65aaacfa66a9d18e3
SHA256

3f115087fd30341f14d34de8f175319a11fea91ee09576c288fa00c11500d455
SHA512

45b04f617ec3943be738bd6076cefa4f205145d9ca31303cc347915f5c9a775b0283a267c20ea1f3f2d09befed3364f394612527bfd66b8d7b3da07edd2ff797
SSDEEP

48:SlgB7s7TETrTOekLvF8MOAA3GjBBqSXo1aGjM51Gj8K:2Eaaz93GjBBG1aGz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 320	4660	rundll32.exe	83
PID 4660 wrote to memory of 320	4660	rundll32.exe	83
PID 4660 wrote to memory of 320	4660	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f18e22683f0971d13269586299e1292_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f18e22683f0971d13269586299e1292_JaffaCakes118.dll,#1
  2⤵
  PID:320

memory/320-0-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download