b3f0164cf8d2ac1684ccd3898ed69d6423836998f5d1eaf826899374720f1e95

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 22:57

Target

3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll
Size

28KB
MD5

3252b82fa108f21ae69a233aa04a8352
SHA1

5d491f83a5bbd95c7ecec9c3128e5ecd8a38183d
SHA256

b3f0164cf8d2ac1684ccd3898ed69d6423836998f5d1eaf826899374720f1e95
SHA512

16de18df639ffc3f8376b9c2a7389202cdefa56d51920d78a30db5f98c6fab2ce4b1a98c3d0eff1c4c3d661afbbf569ff201f9ff42d1ff7ee5a82bad549c83d8
SSDEEP

384:ctyuzCkzySFy8BTTVhOFf9nQWAOAYoEMOcbswmIgvQkCznlEzAz9u8AsQ:sM8BTTVhgJQSoEjz8lN9u

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3452	2904	rundll32.exe	81
PID 2904 wrote to memory of 3452	2904	rundll32.exe	81
PID 2904 wrote to memory of 3452	2904	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3252b82fa108f21ae69a233aa04a8352_JaffaCakes118.dll,#1
  2⤵
  PID:3452

memory/3452-0-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3452-3-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3452-5-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/3452-11-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download