f62da45defd4281c0cd2c722385a3fb59871757f44a0ecd688800f97f1e865ef

Analysis

max time kernel
92s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 10:04

Target

2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll
Size

362KB
MD5

2beb2f3e45e8fa0182e37bcc4ef46853
SHA1

7e003572aea666c4cf594af3d65cd11f2e5bd2ad
SHA256

f62da45defd4281c0cd2c722385a3fb59871757f44a0ecd688800f97f1e865ef
SHA512

931204ff05c4b445763be17e74f57a65ca0d3b53e40e5b084d51c2593e3b4def9514e445b48aaf08d091585c633d87b29fec741541df355e18d9e3a96065700d
SSDEEP

6144:3grE9LvUyOo6Lzjw2FREYx6LHjuBDFCuTMQ2OTnTY0q/d4VgCOUB0:3rPOh391V2GYtGgZM0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 1804	4952	rundll32.exe	82
PID 4952 wrote to memory of 1804	4952	rundll32.exe	82
PID 4952 wrote to memory of 1804	4952	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2beb2f3e45e8fa0182e37bcc4ef46853_JaffaCakes118.dll,#1
  2⤵
  PID:1804

memory/1804-0-0x00000000029F0000-0x0000000002AF0000-memory.dmp

Filesize
1024KB

Download
memory/1804-1-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download