eafef8ec82c597e18b04785d13d08bd12b69a5114126637f342882277c6aaa35

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 18:22

Target

2d5cd06539146dc507ad436c46642740_JaffaCakes118.dll
Size

4.1MB
MD5

2d5cd06539146dc507ad436c46642740
SHA1

89c62d9e4148943e4776abbf7645daf9ea5e611a
SHA256

eafef8ec82c597e18b04785d13d08bd12b69a5114126637f342882277c6aaa35
SHA512

9ea5910d46c3778bd944de01f07a6ed7662d47cd0c46b698623acc36825e9f04cae4eff562b47f49c28a709b2c323e68c33af48096f21b6517a58967649ee37b
SSDEEP

98304:P0oW0LiGk+JC2LgwQmvb10cV/zUKxhyhejpqwBu24k/6:nW0LER1mv50E/PxAhwUwBUkC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4812	2664	rundll32.exe	82
PID 2664 wrote to memory of 4812	2664	rundll32.exe	82
PID 2664 wrote to memory of 4812	2664	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d5cd06539146dc507ad436c46642740_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d5cd06539146dc507ad436c46642740_JaffaCakes118.dll,#1
  2⤵
  PID:4812

memory/4812-0-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download