a4b6dbc59817d290cb60a8aedc7afa6d6ddd343e43497946967a87da97f4dc9e

Analysis

max time kernel
93s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 22:28

Target

323a19f5f48acc7c831302a1f26d7c23_JaffaCakes118.dll
Size

36KB
MD5

323a19f5f48acc7c831302a1f26d7c23
SHA1

45754f7cbf26c2f61d6b1b60b39414e01e0a5026
SHA256

a4b6dbc59817d290cb60a8aedc7afa6d6ddd343e43497946967a87da97f4dc9e
SHA512

696f4b11672d1716878acfb91e9a9c361a3d491df6840f3067bfbfd46cd850b30a881486b6fb2c5b09fdb9ddbf200fe07798f87ec6d8ad31f46318d06dbcf17b
SSDEEP

768:UcfZY0Zrc8L4aS+ryFCGK2j8awikPk/mjK90nBL40rcYncgvOUE0FCsrLN3:UgZYSl46ry9KpskPk+ju0nBL40rcYcvO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 3808	4728	rundll32.exe	81
PID 4728 wrote to memory of 3808	4728	rundll32.exe	81
PID 4728 wrote to memory of 3808	4728	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\323a19f5f48acc7c831302a1f26d7c23_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\323a19f5f48acc7c831302a1f26d7c23_JaffaCakes118.dll,#1
  2⤵
  PID:3808

memory/3808-0-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download
memory/3808-1-0x0000000010001000-0x0000000010002000-memory.dmp

Filesize
4KB

Download