532b2eadcfac84046ce883d6bbc0b805e3197d4c28ab33169d65446a6d7d18e6

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 01:09

Target

241e248a33ea575966a2dbff3edffde7_JaffaCakes118.dll
Size

336KB
MD5

241e248a33ea575966a2dbff3edffde7
SHA1

fe16ec42ccd85c8822c184ad64033dbb75582c54
SHA256

532b2eadcfac84046ce883d6bbc0b805e3197d4c28ab33169d65446a6d7d18e6
SHA512

644487a2c25696b151bd82efae4afbe84a119042e61c61e1f34519d9e61913d97cb81ce6f8fdb1e4ad586a6c652c63d16097bea2051c9ae56641e3e93d5cb1d8
SSDEEP

6144:1/vFKTBV/M3nMsVE4EkA6gD8rzHYPIX8yFrxYP/ydYlrsVmoaC/jMpU:1l3Xi3kY8YPZgYSYxOMpU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2648	1180	rundll32.exe	82
PID 1180 wrote to memory of 2648	1180	rundll32.exe	82
PID 1180 wrote to memory of 2648	1180	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\241e248a33ea575966a2dbff3edffde7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\241e248a33ea575966a2dbff3edffde7_JaffaCakes118.dll,#1
  2⤵
  PID:2648

memory/2648-0-0x0000000001630000-0x000000000163C000-memory.dmp

Filesize
48KB

Download
memory/2648-1-0x0000000000400000-0x00000000005F8000-memory.dmp

Filesize
2.0MB

Download
memory/2648-2-0x0000000000401000-0x00000000005F0000-memory.dmp

Filesize
1.9MB

Download
memory/2648-3-0x0000000000400000-0x00000000005F8000-memory.dmp

Filesize
2.0MB

Download