0077c1c60fd0db399e4811c00c8f447f615a5242a3768e69792c13457f98f116

Analysis

max time kernel
95s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 08:57

Target

26cdaad50a3a6ee199f5229464862254_JaffaCakes118.dll
Size

130KB
MD5

26cdaad50a3a6ee199f5229464862254
SHA1

1d04f44b5aeb6ceee6daf102d041e4760f2f49e9
SHA256

0077c1c60fd0db399e4811c00c8f447f615a5242a3768e69792c13457f98f116
SHA512

1628d8948cc31e8afdb04dbe6c1a7cc2b1733567ec9d8e60464974ce18c56078faa68c30f81bf584311a8555851c64bfa240aabd554b81eaf5144c44042f11df
SSDEEP

3072:CjcZ9V2aZ1C9nA4kWin1h1zl1Maq8x5LSPyWt7744nuBaGbu:Cjc5lB4kT5lqaxePj/4NBFy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 208	4332	rundll32.exe	80
PID 4332 wrote to memory of 208	4332	rundll32.exe	80
PID 4332 wrote to memory of 208	4332	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26cdaad50a3a6ee199f5229464862254_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26cdaad50a3a6ee199f5229464862254_JaffaCakes118.dll,#1
  2⤵
  PID:208

memory/208-0-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/208-1-0x0000000000930000-0x0000000000A30000-memory.dmp

Filesize
1024KB

Download
memory/208-2-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download