56998cd02bb2b94880be36bd24f9c4c93a0ce7082313d9902da71c2ac92dd82b

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 04:45

Target

37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll
Size

39KB
MD5

37be99e2b197a3171bd773ad2700aca0
SHA1

edb0d4d915f6b0366d7eb429e995b4b1df8ffd57
SHA256

56998cd02bb2b94880be36bd24f9c4c93a0ce7082313d9902da71c2ac92dd82b
SHA512

ad4ab9baac70627057f68ff0518dcc1bb49bf38d6230c94035ffc839a76ec9a3d65aae381609889d0bfc56ef3a2a3a7d6a9f88ec935192454650b504f8ec4680
SSDEEP

768:he3NBanuU3dfLcjqVAYrDaK6/SA3GKIDVdYmrnfQsUU5F:h0NBanuUNT7eK6/P6nIsf3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 4304	3360	rundll32.exe	83
PID 3360 wrote to memory of 4304	3360	rundll32.exe	83
PID 3360 wrote to memory of 4304	3360	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37be99e2b197a3171bd773ad2700aca0_JaffaCakes118.dll,#1
  2⤵
  PID:4304

memory/4304-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download