6f20b0711c23d865729a04f1285c89cb3da14f281bbd0f4fecabfbafdd7494f2

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 08:25

Target

4508bb5297f4c61ddf3a6f57bae88697_JaffaCakes118.dll
Size

9KB
MD5

4508bb5297f4c61ddf3a6f57bae88697
SHA1

6649cb64d9b2fe9e5f36638f09510f2e7e1577c5
SHA256

6f20b0711c23d865729a04f1285c89cb3da14f281bbd0f4fecabfbafdd7494f2
SHA512

dc669f167c51ad629f0c4b6971372432628bff106e4745f9b065015840e7ac11c2c14eeadb55d0464e002e697a56d0b6d24cd739efc1a7a3cb7a28f710a5adf7
SSDEEP

96:q1V7dR7uwEU+hCT3GrxZ4MUtPNlz0MdG8EWvdM3IWwG34bd:kuwEt8rsTUtPLzKNWSYWF4bd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 5104	2368	rundll32.exe	83
PID 2368 wrote to memory of 5104	2368	rundll32.exe	83
PID 2368 wrote to memory of 5104	2368	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4508bb5297f4c61ddf3a6f57bae88697_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4508bb5297f4c61ddf3a6f57bae88697_JaffaCakes118.dll,#1
  2⤵
  PID:5104

memory/5104-0-0x0000000000A00000-0x0000000000A07000-memory.dmp

Filesize
28KB

Download