f81f117a910d074f41610c01f89ffa7d07d6d186a7797d3737d3ef2193e9ccdd

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 00:30

Target

3f7ed55242fb99f842433fba69de483f_JaffaCakes118.dll
Size

36KB
MD5

3f7ed55242fb99f842433fba69de483f
SHA1

7910077bb4e24b6784d82ede1b3b10a27a65983e
SHA256

f81f117a910d074f41610c01f89ffa7d07d6d186a7797d3737d3ef2193e9ccdd
SHA512

98ad1876725e1134bc8c66145c5402802e8187137ca261ee14c470074936ec265a5171fd99fc1d9fa6e8cffbb6cddfdb8e56924adc6006e7fab51c616c4b900b
SSDEEP

768:59VThUnHOJtkvNy0VCZ6Z8IijcMTx/TmQDGQ:vPpJGVy00xIijc147

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 180 wrote to memory of 4664	180	rundll32.exe	83
PID 180 wrote to memory of 4664	180	rundll32.exe	83
PID 180 wrote to memory of 4664	180	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7ed55242fb99f842433fba69de483f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f7ed55242fb99f842433fba69de483f_JaffaCakes118.dll,#1
  2⤵
  PID:4664

memory/4664-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4664-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/4664-2-0x0000000002760000-0x0000000002762000-memory.dmp

Filesize
8KB

Download