c180003a0a85c137c5fad1bd3f36883645a46be47a481ff078ebe68512f161ad

Analysis

max time kernel
92s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:07

Target

3662e807ea568b1ef9dc9055b45b42b9_JaffaCakes118.dll
Size

5KB
MD5

3662e807ea568b1ef9dc9055b45b42b9
SHA1

215093a742b17979de53c5c244f492b456b8c3d8
SHA256

c180003a0a85c137c5fad1bd3f36883645a46be47a481ff078ebe68512f161ad
SHA512

ad5bed8c8b598f7b23bcf378108f489214647d4f765d4ba74fc18d49b5eee4bf9887e772882d35add9a88031ea0f7cc52abccdcf66bbf9daeb5def066f18a234
SSDEEP

96:ZXljzuKq1opXUbPFSlmv1r+n2RuH2AjWMXQP5++ExXkSqMcQSNIkbQdd77aF9ORC:DqoS0lu4WA65oq7QSuIoiGRYbR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1712 wrote to memory of 4164	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 4164	1712	rundll32.exe	rundll32.exe
PID 1712 wrote to memory of 4164	1712	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3662e807ea568b1ef9dc9055b45b42b9_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3662e807ea568b1ef9dc9055b45b42b9_JaffaCakes118.dll,#1
2⤵
PID:4164

memory/4164-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4164-2-0x000000007763D000-0x000000007763F000-memory.dmp

Filesize
8KB

Download
memory/4164-1-0x0000000001460000-0x0000000001473000-memory.dmp

Filesize
76KB

Download
memory/4164-3-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/4164-4-0x0000000001460000-0x0000000001473000-memory.dmp

Filesize
76KB

Download