805906486f0fb60d23277da5000a910ac4ba7a7c964024bf0d8c93ee95ab3058

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 12:35

Target

39234c96803f0bc8489df7d1e2c10e10_JaffaCakes118.dll
Size

160KB
MD5

39234c96803f0bc8489df7d1e2c10e10
SHA1

50e2905abfcf007610593deee5c37b362837c72c
SHA256

805906486f0fb60d23277da5000a910ac4ba7a7c964024bf0d8c93ee95ab3058
SHA512

49abd34081d5d77f4e38eba9bd6672e2d4a2b495c55a96795baa3e97c1ebc2946f1c75e89290f04552387bd440012a032eabe443912a454212a109b6f204e7e0
SSDEEP

3072:ZZG8/m7p7ICftZRfCl+LblysFHO1SMqqDLy/8e91L2wCBs:PduNUClrfCm0sw1xqqDLub91L

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3512 wrote to memory of 1632	3512	rundll32.exe	84
PID 3512 wrote to memory of 1632	3512	rundll32.exe	84
PID 3512 wrote to memory of 1632	3512	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39234c96803f0bc8489df7d1e2c10e10_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39234c96803f0bc8489df7d1e2c10e10_JaffaCakes118.dll,#1
  2⤵
  PID:1632

memory/1632-0-0x0000000000FA0000-0x0000000000FAA000-memory.dmp

Filesize
40KB

Download
memory/1632-4-0x0000000010019000-0x0000000010030000-memory.dmp

Filesize
92KB

Download