329ea8916cf4aedb2c2681a3fc3cd04f1700d7c49b67d6d04949661136fa61d4

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 08:53

Target

29de1be5fc64f7c6f0534f6264b445d7_JaffaCakes118.dll
Size

28KB
MD5

29de1be5fc64f7c6f0534f6264b445d7
SHA1

c1ae6d03f018d2c5f7ff0d3598a2f4829dccfe3e
SHA256

329ea8916cf4aedb2c2681a3fc3cd04f1700d7c49b67d6d04949661136fa61d4
SHA512

af8cae60bae8ff1228100ec18aa0de8d928ca26a5c55d1e37dba9f759384bfad9888d7fb894bd1ac4111995bdc517d387fb7609e01b4c6b907adf7093eba1db0
SSDEEP

768:v2pLZrKeDkeAh/6ykFFutN7DwNbGsZDv6dOqD+3CBwzje1hd9RiE3FU:v2FZ5g/h/6deuPOgCQA8E3G

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 692	1300	rundll32.exe	82
PID 1300 wrote to memory of 692	1300	rundll32.exe	82
PID 1300 wrote to memory of 692	1300	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29de1be5fc64f7c6f0534f6264b445d7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29de1be5fc64f7c6f0534f6264b445d7_JaffaCakes118.dll,#1
  2⤵
  PID:692

memory/692-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/692-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/692-2-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download