6c1e9043f2405e52046dc89f5e4fea36a3f3c8a9ee485d53c0932e8610ed7e76

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 20:12

Target

239b52eeca78111a4b3c86b0e69d790d_JaffaCakes118.dll
Size

192KB
MD5

239b52eeca78111a4b3c86b0e69d790d
SHA1

81c0c1811f410c3deee4e671ec53f392a870ad9b
SHA256

6c1e9043f2405e52046dc89f5e4fea36a3f3c8a9ee485d53c0932e8610ed7e76
SHA512

35ebbc172d8438cbacd11deb38bde74ee2908fcfa0b5a65dd4d748aa5793baeb6b0287bb7dd294dc9c7a003a95c9e02439fb1efdd1b21ab1f0845163c3fbcfee
SSDEEP

3072:uOud1zOtFVSOn6qCqvEP/jawuZ0S6kA6GAQiATtw6uwx38YAy2y0h4cCiVXnXYEn:OBOtFsOn6d/ed0SRdATt3XMoDEnEM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 212	4160	rundll32.exe	82
PID 4160 wrote to memory of 212	4160	rundll32.exe	82
PID 4160 wrote to memory of 212	4160	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\239b52eeca78111a4b3c86b0e69d790d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\239b52eeca78111a4b3c86b0e69d790d_JaffaCakes118.dll,#1
  2⤵
  PID:212

memory/212-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download