1449ea95599308f7a4d8fe1f42a03f0cf16768d5b7d7eb76d70204a03d2a4584

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 01:25

Target

3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118.dll
Size

33KB
MD5

3730ece9f3c01fc115f92445adeaebfb
SHA1

936805e8a139d3293f37fc79d2083496ed54ea67
SHA256

1449ea95599308f7a4d8fe1f42a03f0cf16768d5b7d7eb76d70204a03d2a4584
SHA512

8f5092b7b5f11c099b0a69265f14ed1bd9a4e938dd0e53f4f654e022a5aa28dcc52656f268b2d27dec184b9be01b16bb7c407c927d463c06136f2f8e0aa88505
SSDEEP

768:5+j+xwc5taWYklfGbaxD217QDZ/PkC6vkk+U9WIFTfb:5+PciklfG2xDk7+Z/PCvJxD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3188	5032	rundll32.exe	85
PID 5032 wrote to memory of 3188	5032	rundll32.exe	85
PID 5032 wrote to memory of 3188	5032	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3730ece9f3c01fc115f92445adeaebfb_JaffaCakes118.dll,#1
  2⤵
  PID:3188

memory/3188-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download