80cabf91be638c45e7a053a9402dadf6869dd6786d9483e150c01e8900370ef5

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2024 04:33

Target

40374e195259e244a25d3531e4c8737f_JaffaCakes118.dll
Size

10KB
MD5

40374e195259e244a25d3531e4c8737f
SHA1

4073e5b8f1e69623ab39d25c99c5470a05160c27
SHA256

80cabf91be638c45e7a053a9402dadf6869dd6786d9483e150c01e8900370ef5
SHA512

05322caf37db665e7dfb13f1cb41af4cd476cc974f9127f8404895862e3de0eeb5e6938a8bbd7d2c8583e0cdf3c4400af9fd9a63cb84f6b31237d57033af54cd
SSDEEP

192:qDLw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:kldHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 396	1352	rundll32.exe	83
PID 1352 wrote to memory of 396	1352	rundll32.exe	83
PID 1352 wrote to memory of 396	1352	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40374e195259e244a25d3531e4c8737f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40374e195259e244a25d3531e4c8737f_JaffaCakes118.dll,#1
  2⤵
  PID:396

memory/396-0-0x000000006D990000-0x000000006D997000-memory.dmp

Filesize
28KB

Download