e9833dc486599d6ce0a1ff9df85376c291de83fb41d426c3c5277515cafcc359

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 20:23

Target

43356dafaadfaa449f19d1d559dc4075_JaffaCakes118.dll
Size

120KB
MD5

43356dafaadfaa449f19d1d559dc4075
SHA1

946077348e9d7a1d406b097acfb2c0d5d3fec707
SHA256

e9833dc486599d6ce0a1ff9df85376c291de83fb41d426c3c5277515cafcc359
SHA512

3aa42d65b1f74e2f7ccfeb52b621bd7d9b55d286ef35dda39c3c3f6bbf02ff5b3a2af034af3b9fda13836da94587363883d4de54dd0ae39e60ce53c2060b50be
SSDEEP

3072:xW3oKQC9z6nC8L11wcQZhP+lCooRN08MbCQN:xiT/9OnN1ecQ9oY7O9N

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 3872	4568	rundll32.exe	83
PID 4568 wrote to memory of 3872	4568	rundll32.exe	83
PID 4568 wrote to memory of 3872	4568	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\43356dafaadfaa449f19d1d559dc4075_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\43356dafaadfaa449f19d1d559dc4075_JaffaCakes118.dll,#1
  2⤵
  PID:3872

memory/3872-0-0x0000000001360000-0x000000000136B000-memory.dmp

Filesize
44KB

Download
memory/3872-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/3872-7-0x0000000001360000-0x000000000136B000-memory.dmp

Filesize
44KB

Download