7672bd7e81ace5c6bc9a7f99517b65b120f4afcbbe5867918c6d23b3876c56eb

Analysis

max time kernel
93s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 00:43

Target

2e6992b1c52e0d1b637750864302ba16_JaffaCakes118.dll
Size

76KB
MD5

2e6992b1c52e0d1b637750864302ba16
SHA1

a980342e4f62a0038ba56d2a9dad621cae11e23e
SHA256

7672bd7e81ace5c6bc9a7f99517b65b120f4afcbbe5867918c6d23b3876c56eb
SHA512

c3c11608497ce1181f15c7021a4c4f64cc264bececc58c38a31827a7668e42b4824fd7eac22de191bd20692afe52e3fa55d6ddd44bd12c0b3d57f2b8cc24b697
SSDEEP

1536:BfQAl+7ovO9zjJv8tAMeep1uz2xJ/7ymTVjlUJx:dQAl+pLv8tA8Az2xFym5jOf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1672	1856	rundll32.exe	82
PID 1856 wrote to memory of 1672	1856	rundll32.exe	82
PID 1856 wrote to memory of 1672	1856	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6992b1c52e0d1b637750864302ba16_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e6992b1c52e0d1b637750864302ba16_JaffaCakes118.dll,#1
  2⤵
  PID:1672

memory/1672-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/1672-1-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download