7134be8d4c72b29599235dc7cec1f21960448cac7e1b4bd69010924fc1be91d2

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 06:34

Target

1500c863b2acda568e781c9bc240a0c4_JaffaCakes118.dll
Size

5KB
MD5

1500c863b2acda568e781c9bc240a0c4
SHA1

691814b400ee61256bc7c7b7acc485ad2169d27f
SHA256

7134be8d4c72b29599235dc7cec1f21960448cac7e1b4bd69010924fc1be91d2
SHA512

c96e6f440da511cbf67d81d0fa562188a100ee35eed5048424103369173c3d271cd0fca2398391998aaae6ae8f2b7f165521039533efe1330e2c3961b0a70a00
SSDEEP

96:K5mPm0ycnpEdQj1TvX27uus5Ubkw7W5QlUEccvwiw/Lo9T9QkgcwQwTQ:Hm0ycWdQ9Ouus5Ubkw7NPFmLox9QkgUL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4640	4620	rundll32.exe	80
PID 4620 wrote to memory of 4640	4620	rundll32.exe	80
PID 4620 wrote to memory of 4640	4620	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1500c863b2acda568e781c9bc240a0c4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1500c863b2acda568e781c9bc240a0c4_JaffaCakes118.dll,#1
  2⤵
  PID:4640

memory/4640-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download