d651b44cb7d57c89c2f971d8f72522a8421c8442c0def3e96a3e57157496f631

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 07:36

Target

25224c98848802ff1a2fd85f4bb60f5e_JaffaCakes118.dll
Size

21KB
MD5

25224c98848802ff1a2fd85f4bb60f5e
SHA1

91533d113298a59ef78c5beb4bc45ae5a704e543
SHA256

d651b44cb7d57c89c2f971d8f72522a8421c8442c0def3e96a3e57157496f631
SHA512

0a76f17aa2aada51f88fa2bc1e69bcac8488bb92b337966b447b73d6c7545f95b6abbb75cd1a0f064ff6c975fa8fe123b550ecf76d88b0399c77d517e385a34f
SSDEEP

384:UgOzHk5GyyCMy8y3kNT8CYUu7ViUBTxHgM2UMAzI/:iC38y3kZ8x3OM2UhI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 1820	3440	rundll32.exe	83
PID 3440 wrote to memory of 1820	3440	rundll32.exe	83
PID 3440 wrote to memory of 1820	3440	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25224c98848802ff1a2fd85f4bb60f5e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25224c98848802ff1a2fd85f4bb60f5e_JaffaCakes118.dll,#1
  2⤵
  PID:1820

memory/1820-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download