8dd82c43ba97cc560443015719be8d04ae5ae5b0b37a6d8a19c12010400f9391

Analysis

max time kernel
140s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 09:25

Target

280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll
Size

156KB
MD5

280adb04b227f0411a4f2f312cab2cab
SHA1

7f9f5da929cf205592b5bf3fcbc824d1a92a157f
SHA256

8dd82c43ba97cc560443015719be8d04ae5ae5b0b37a6d8a19c12010400f9391
SHA512

55a77315c1d3c2decb8e469d37f975c42cc49c028f714b3d80d4bd33a9c1e3b0fe0d2052620b059f6063963ed4224d00829003bed51fd6484bbdb8cd8382b8d5
SSDEEP

3072:BXjJOslnKFFE8U5s8t6REfTKOXpjnMOUBuyNEzPjJQMh6Owb+77:VJOwj858tFTKO4OUBgJlmba

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 4600	3744	rundll32.exe	82
PID 3744 wrote to memory of 4600	3744	rundll32.exe	82
PID 3744 wrote to memory of 4600	3744	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\280adb04b227f0411a4f2f312cab2cab_JaffaCakes118.dll,#1
  2⤵
  PID:4600

memory/4600-0-0x00000000006B0000-0x00000000006BA000-memory.dmp

Filesize
40KB

Download
memory/4600-2-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/4600-4-0x00000000006B0000-0x00000000006BA000-memory.dmp

Filesize
40KB

Download
memory/4600-8-0x00000000006B0000-0x00000000006BA000-memory.dmp

Filesize
40KB

Download