d602ec4a016e2e7ae94d978d7caf573fff1ca6d0b6e20983ac9b0ae8fe53d9f4

Analysis

max time kernel
54s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 22:43

Target

2680ba3c32af0314fe9d75c25caa719b_JaffaCakes118.dll
Size

331KB
MD5

2680ba3c32af0314fe9d75c25caa719b
SHA1

25e9dc9aacc2abc100617731ecbcb69ff9fbf61f
SHA256

d602ec4a016e2e7ae94d978d7caf573fff1ca6d0b6e20983ac9b0ae8fe53d9f4
SHA512

3e4fb03d8721f69c484906045b6fc4a9578c04c14435a99e8cee024c2b64e029d2ffe126bf4be47bfbfe21a62114c950b739d02ace2415e2d864953e501eee7e
SSDEEP

6144:ozQaJAfgvWreQIkqr5JrW+KPAr4hc0KwSU9IGZ++TBQiJVHX3s4:9/gvWlqr5lrec0TSU9y+T3n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 516	4412	rundll32.exe	81
PID 4412 wrote to memory of 516	4412	rundll32.exe	81
PID 4412 wrote to memory of 516	4412	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2680ba3c32af0314fe9d75c25caa719b_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2680ba3c32af0314fe9d75c25caa719b_JaffaCakes118.dll,#1
  2⤵
  PID:516

memory/516-0-0x00000000014D0000-0x000000000152A000-memory.dmp

Filesize
360KB

Download
memory/516-1-0x00000000014D0000-0x000000000152A000-memory.dmp

Filesize
360KB

Download