6e29afeb7b7afa4244be146dcec7b8bd95159c694059afdc68705ff54ccb7060

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 12:02

Target

2254934a7b9aea16b7d2a0a0424dcbde_JaffaCakes118.dll
Size

8KB
MD5

2254934a7b9aea16b7d2a0a0424dcbde
SHA1

72819eedcf47b85494e6c4fe345f29459a551789
SHA256

6e29afeb7b7afa4244be146dcec7b8bd95159c694059afdc68705ff54ccb7060
SHA512

a86c871b631df8928ac4420d484ef371f85ec043ecccefb2b5e96bb3ae3ee11c1a37d0c24071d5f412fe2f1ae19cc9b880c05f94a55a4533cd5a8b1e80e89626
SSDEEP

192:cbxVETY9GB+cJRn8k3ZHluRGHE9bTbGw1KRyI1c3F/DZkgUwu2:4xVETiGgcJRn8SeF9fiwwRLsWw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 412	988	rundll32.exe	82
PID 988 wrote to memory of 412	988	rundll32.exe	82
PID 988 wrote to memory of 412	988	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2254934a7b9aea16b7d2a0a0424dcbde_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2254934a7b9aea16b7d2a0a0424dcbde_JaffaCakes118.dll,#1
  2⤵
  PID:412

memory/412-0-0x0000000025000000-0x0000000025014000-memory.dmp

Filesize
80KB

Download