5e8bc0c875ec8f89c5579ed3811f6e8d2d116c470fe519b87975e0d32f6c5a47

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 01:01

Target

371dae92c482907e96c71d040029f05c_JaffaCakes118.dll
Size

15KB
MD5

371dae92c482907e96c71d040029f05c
SHA1

e8859a665573c62dd7a2c67262368d57f068a52b
SHA256

5e8bc0c875ec8f89c5579ed3811f6e8d2d116c470fe519b87975e0d32f6c5a47
SHA512

0ff5c9e6c09894bc66b46c9f5abeefcbfb44ab54130c3d3de7caffaf832f2a586ec2d6f08b67539af76ea77eda16ab31881586846c6184c30fcae2c40acad30d
SSDEEP

192:GApDziZ9Q2jroVnLlj9nhIuVt/cshUA2yIv1pB55h84K+6P2rL4/Q:GaDWzizhIu/n12yap8XO4Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 632	3168	rundll32.exe	81
PID 3168 wrote to memory of 632	3168	rundll32.exe	81
PID 3168 wrote to memory of 632	3168	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\371dae92c482907e96c71d040029f05c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\371dae92c482907e96c71d040029f05c_JaffaCakes118.dll,#1
  2⤵
  PID:632

memory/632-0-0x0000000000B00000-0x0000000000B06000-memory.dmp

Filesize
24KB

Download