32ad245e6aa653dea1218f7aab97c29e341fb05b8ef87f3f9d2ef905ffc50e49

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 15:58

Target

35682e97f016fc035d9cd9df39674d66_JaffaCakes118.dll
Size

57KB
MD5

35682e97f016fc035d9cd9df39674d66
SHA1

e34ff3bb6c6649832a983157c752301fe4dfe6ec
SHA256

32ad245e6aa653dea1218f7aab97c29e341fb05b8ef87f3f9d2ef905ffc50e49
SHA512

8d3b7a6afb174785a3495559c951826ff8ae6f235ff4a7f24bcd4b8e2fe9f79d51dbaead8ebc0830b550826de54d8965af5d3d7f3b9a75a2b7d9cddc56d29946
SSDEEP

768:Wl6EKoT6U80wHuSWhGVE0JRqKuF3XvH3lS9lYj3gy2ln8D4P9Czg4uQQRg4y:Wl6KSHfWEEykKa3tRClo4PNHQQRg4y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1632	1832	rundll32.exe	82
PID 1832 wrote to memory of 1632	1832	rundll32.exe	82
PID 1832 wrote to memory of 1632	1832	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35682e97f016fc035d9cd9df39674d66_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35682e97f016fc035d9cd9df39674d66_JaffaCakes118.dll,#1
  2⤵
  PID:1632

memory/1632-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/1632-1-0x0000000000C00000-0x0000000000C09000-memory.dmp

Filesize
36KB

Download