9eb1e318f2196b677a8ee35ece4ca775452e5391fab276dcdfbc7111e299998d

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 03:15

Target

3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll
Size

36KB
MD5

3bcc7c4faa9f2412036744d659933acb
SHA1

8ff9a4e54d7901d513f83168c44dc7333809ea97
SHA256

9eb1e318f2196b677a8ee35ece4ca775452e5391fab276dcdfbc7111e299998d
SHA512

6267dcb3b46b72bbf773ad1436d2d6a3b955f845f1dba7b4a6829f3eba1d29018c466affbf72f063f07cbf4700ebc6f25df3f8c2a0f498b7ee08732ddb19dfbd
SSDEEP

768:fhZaoi8p1m+LEQLT6Ua1KDoFKbdwAlJcMTx8HiI1:fhZe8pLja1K35HJcbHb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4952	2512	rundll32.exe	83
PID 2512 wrote to memory of 4952	2512	rundll32.exe	83
PID 2512 wrote to memory of 4952	2512	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bcc7c4faa9f2412036744d659933acb_JaffaCakes118.dll,#1
  2⤵
  PID:4952

memory/4952-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4952-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4952-2-0x00000000028B0000-0x00000000028B2000-memory.dmp

Filesize
8KB

Download