d4c9861319e24cff7db1004ef20235f73102c9995e975f46f1c7c393f2a18a6b

Analysis

max time kernel
53s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 09:38

Target

281393789619ebb967f787ff0c0278bf_JaffaCakes118.dll
Size

19KB
MD5

281393789619ebb967f787ff0c0278bf
SHA1

5208774ac679d3c5d74a8aaef7231ac256b1a82f
SHA256

d4c9861319e24cff7db1004ef20235f73102c9995e975f46f1c7c393f2a18a6b
SHA512

7f533b80dda964fd0b658d4c177d0171ea5f8f5bc9e930e7d62222523c39b22fed579789bbfb094b22b45814905de37049b259a6ff738a205e40fcb3804b3e52
SSDEEP

384:4iWO48f+Z8N8p/ij7m+1Ir9giJXBwWyPDGx0byV8fOcg3CzHy218V:L4hZ1p/ija+1I5pmn7P9NS21

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 1448	968	rundll32.exe	81
PID 968 wrote to memory of 1448	968	rundll32.exe	81
PID 968 wrote to memory of 1448	968	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\281393789619ebb967f787ff0c0278bf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\281393789619ebb967f787ff0c0278bf_JaffaCakes118.dll,#1
  2⤵
  PID:1448

memory/1448-0-0x00000000778D2000-0x00000000778D3000-memory.dmp

Filesize
4KB

Download