2bb6d1e4fac9525d0466151e7eaef12da8b0d7cc12d7a97672ec04a5af5ef530

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 07:36

Target

383ce4135a605e18f9d321b7acb16ccb_JaffaCakes118.dll
Size

1.7MB
MD5

383ce4135a605e18f9d321b7acb16ccb
SHA1

e79cc477be4a2da661766f459a47bf7edec27595
SHA256

2bb6d1e4fac9525d0466151e7eaef12da8b0d7cc12d7a97672ec04a5af5ef530
SHA512

ff5f73c7e9c6059724e52214938aea7245cb1dc9e4c149c2f7d00fca0679ac3aae5d42102dbd1440003825f11141f5afc93497c16e221127c0cb2dbb211c5fe0
SSDEEP

24576:u6f71UTDv/1jvv+bOmJmzQsXlcjoew1Jug655etj3weKQJ/8Yjpe++C0GpTuUCvw:zz1uDuOjNGId+cE7QJ7IocUCvhW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2116	2988	rundll32.exe	83
PID 2988 wrote to memory of 2116	2988	rundll32.exe	83
PID 2988 wrote to memory of 2116	2988	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\383ce4135a605e18f9d321b7acb16ccb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\383ce4135a605e18f9d321b7acb16ccb_JaffaCakes118.dll,#1
  2⤵
  PID:2116

memory/2116-0-0x0000000002110000-0x0000000003EE1000-memory.dmp

Filesize
29.8MB

Download
memory/2116-1-0x0000000002110000-0x0000000003EE1000-memory.dmp

Filesize
29.8MB

Download
memory/2116-2-0x0000000002110000-0x0000000002251000-memory.dmp

Filesize
1.3MB

Download