5077cfc925da000f3b3916d1865c332d5bd775606c00914d2442af98a663af13

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 08:27

Target

21b2f02bcc22aa1c82d838169f69990f_JaffaCakes118.dll
Size

21KB
MD5

21b2f02bcc22aa1c82d838169f69990f
SHA1

65581b9b1b052080c72a9413751c2e0b60e88914
SHA256

5077cfc925da000f3b3916d1865c332d5bd775606c00914d2442af98a663af13
SHA512

91f8f71796fde14ef142daf8ff4a079eee502a36031ebc2c8ba63b6c616f1076787c3c2da810d84700f3d25f148c52fb79878593f3cbd3a67836028cfa6c1347
SSDEEP

384:ckgFTvXXDEKofQ/8t/QsxA/5iWWfk8isp8ss6IBZXWwqI1M1Iv1KaF5p8qWSFaWr:c3TvXXDE5Q/8t/ty/5i7Hissx+wM617N

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 4496	4420	rundll32.exe	81
PID 4420 wrote to memory of 4496	4420	rundll32.exe	81
PID 4420 wrote to memory of 4496	4420	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21b2f02bcc22aa1c82d838169f69990f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21b2f02bcc22aa1c82d838169f69990f_JaffaCakes118.dll,#1
  2⤵
  PID:4496

memory/4496-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download