721ba0343ef084088752eea691b31cdb746e3a6e886bbec7b07320bedd1f0d99

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 09:50

Target

454e92f76613f4755c8846a9a01ec09a_JaffaCakes118.dll
Size

18KB
MD5

454e92f76613f4755c8846a9a01ec09a
SHA1

7cab8db814ca9bf20e1e5dc07c218b1989e047d3
SHA256

721ba0343ef084088752eea691b31cdb746e3a6e886bbec7b07320bedd1f0d99
SHA512

fce2890a0b3cf3a05a76d3d66d4d61b02e69a40b7a8af549c893fb0d97a1e67807d0c5d68568365ca3e7b0ee8cb038a0920caef321015aac641f9357fc5cebbe
SSDEEP

384:vide387FXzpE7111VOt3OjYHdg4GDHeDwuvN8ZDbeMZoCSkqGpZ:6M8ZX9m116hHN6Hcw0KlbZSkhf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 1972	5084	rundll32.exe	83
PID 5084 wrote to memory of 1972	5084	rundll32.exe	83
PID 5084 wrote to memory of 1972	5084	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\454e92f76613f4755c8846a9a01ec09a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\454e92f76613f4755c8846a9a01ec09a_JaffaCakes118.dll,#1
  2⤵
  PID:1972

memory/1972-0-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download