e42689085cf3241b6cf55d26b9c4fc9b5d7636b0919d782fd1847761b487bc4f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 05:34

Target

2f2629dbffc133c638926feb0cdeb99f_JaffaCakes118.dll
Size

6KB
MD5

2f2629dbffc133c638926feb0cdeb99f
SHA1

3f6d3628b0ba4f6d6dab61a0d9205f3755f860d9
SHA256

e42689085cf3241b6cf55d26b9c4fc9b5d7636b0919d782fd1847761b487bc4f
SHA512

e1d505fb25e97b094438d289454d72192370831b5a4e0a8210c21aaa941a5b40084c52f81395b66df2542f8af4467803fd76493564f223a8ea68fa76d31d78f5
SSDEEP

48:aGy7MN4cpSGAXbIni1kvNs6ztutiKIZWiwQTnU5WwG2QozbC:xB4c4G6bn1k1sw0EW3enIWwGqb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1364	3624	rundll32.exe	82
PID 3624 wrote to memory of 1364	3624	rundll32.exe	82
PID 3624 wrote to memory of 1364	3624	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f2629dbffc133c638926feb0cdeb99f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f2629dbffc133c638926feb0cdeb99f_JaffaCakes118.dll,#1
  2⤵
  PID:1364

memory/1364-0-0x0000000001160000-0x0000000001166000-memory.dmp

Filesize
24KB

Download