cec3bc964a6f5eba3fb20daaeae5b0a9fd82362b620bc5c22d267e43ff1f4993

Analysis

max time kernel
93s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 13:57

Target

26f53775e8ca2e8a3614e6cbf130b235_JaffaCakes118.dll
Size

45KB
MD5

26f53775e8ca2e8a3614e6cbf130b235
SHA1

82150d1f8be84942c9ee1897bf0de8696234fa5b
SHA256

cec3bc964a6f5eba3fb20daaeae5b0a9fd82362b620bc5c22d267e43ff1f4993
SHA512

4b5335806cca23e69af32dee0f7987845e3313dd07aca92525cb8b987d4eb3b831d7f1fb0a4c7c1d0993bb069bc99bc6e2c26969bdaad3a665d85c7f228e943d
SSDEEP

768:J86sxVRr+Fv3q7BZmzD1hgRwfDqcwgrewgSTU/J6btxYXDnYlJ4xkha5q:vsjRrcy7azD1h7fDeILHa6btxYXYTz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1512	1016	rundll32.exe	81
PID 1016 wrote to memory of 1512	1016	rundll32.exe	81
PID 1016 wrote to memory of 1512	1016	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\26f53775e8ca2e8a3614e6cbf130b235_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\26f53775e8ca2e8a3614e6cbf130b235_JaffaCakes118.dll,#1
  2⤵
  PID:1512

memory/1512-0-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download