5fc77123938defa37393467a1e29cba8f6cc83378a8f90d62b3b0b2a7bff56e2

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 17:27

Target

42a65dd463fe55824c545e63c23d9933_JaffaCakes118.dll
Size

254KB
MD5

42a65dd463fe55824c545e63c23d9933
SHA1

09c3ec082afc5eddab0f5f4b4945ac7a60b80a80
SHA256

5fc77123938defa37393467a1e29cba8f6cc83378a8f90d62b3b0b2a7bff56e2
SHA512

ab257d074c122966bfa1f54fbfe56f7f302c533cca726f75c311eeaeba03b09cc98870ace09ba13208d2ed83a69bc9b539a64ebfb5a30eac07f1a0a9c4a7917d
SSDEEP

6144:kLVUYQPjEw/7O0+gilQeeaQeeBQeesQeem6QeehQeeJUYcV0A2t0KFM0sW:kLVUYQ79k+Y0206B

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 3232	3012	rundll32.exe	83
PID 3012 wrote to memory of 3232	3012	rundll32.exe	83
PID 3012 wrote to memory of 3232	3012	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42a65dd463fe55824c545e63c23d9933_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42a65dd463fe55824c545e63c23d9933_JaffaCakes118.dll,#1
  2⤵
  PID:3232

memory/3232-0-0x0000000006180000-0x0000000006181000-memory.dmp

Filesize
4KB

Download