b83abdb1214573f91e59beb336d61e4c3099f7ae42994ca910dbd3cb01ad5c93

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 04:11

Target

14a25f0bb391066438996956326ea70f_JaffaCakes118.dll
Size

48KB
MD5

14a25f0bb391066438996956326ea70f
SHA1

596962612bceff3d54123468d473daf260cb2c93
SHA256

b83abdb1214573f91e59beb336d61e4c3099f7ae42994ca910dbd3cb01ad5c93
SHA512

b4bc4727ce46e1b6ba1b72fcb55d178453999e90f45fcd9853e578fbb5809556d626b99b016bd8172d0768a1e01f2b042734cee163178e91b70ca676c73b43cb
SSDEEP

768:TJqhu7etRm+Off3XvD1ykNbmGxXHRDMzwyy7JXo9U5:TJ4yXb1ykNzXxIo5oO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 4888	612	rundll32.exe	81
PID 612 wrote to memory of 4888	612	rundll32.exe	81
PID 612 wrote to memory of 4888	612	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14a25f0bb391066438996956326ea70f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14a25f0bb391066438996956326ea70f_JaffaCakes118.dll,#1
  2⤵
  PID:4888

memory/4888-1-0x0000000000F60000-0x0000000001036000-memory.dmp

Filesize
856KB

Download
memory/4888-0-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/4888-2-0x0000000000F60000-0x0000000001036000-memory.dmp

Filesize
856KB

Download