86212439fcb2f1cd03bfa46b4484833c6ec27be4f0246f52b259d4b4ca2f5ca3

Analysis

max time kernel
41s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 16:52

Target

2592d1780e7336b9d9f35d84f796a184_JaffaCakes118.dll
Size

6KB
MD5

2592d1780e7336b9d9f35d84f796a184
SHA1

cdc9a37d46333183feb8b9bfcefde226164f75ab
SHA256

86212439fcb2f1cd03bfa46b4484833c6ec27be4f0246f52b259d4b4ca2f5ca3
SHA512

c89395d14388eea76d4f23fb498aee2a11db0fb54ceca35625bf05592722fa45b3b53c261da8f3fbb64e6948bb52facda4e3590f42d14f2d53bc860cae4783ac
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 620	1252	rundll32.exe	81
PID 1252 wrote to memory of 620	1252	rundll32.exe	81
PID 1252 wrote to memory of 620	1252	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2592d1780e7336b9d9f35d84f796a184_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2592d1780e7336b9d9f35d84f796a184_JaffaCakes118.dll,#1
  2⤵
  PID:620

memory/620-0-0x00000000762F0000-0x00000000762F6000-memory.dmp

Filesize
24KB

Download