d5e68ff0aafdead4472f66d55f1395e1a69acc75bbeeb99014383ded43e812d0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 00:06

Target

475e1acadf9c5792f35d4e4cbd127611_JaffaCakes118.dll
Size

24KB
MD5

475e1acadf9c5792f35d4e4cbd127611
SHA1

bdd0eecc310e4e2776628840a9e24914e73f0865
SHA256

d5e68ff0aafdead4472f66d55f1395e1a69acc75bbeeb99014383ded43e812d0
SHA512

f17cb0217f128905dee8467d82ea466ec36e33347e79aa2c35d5523d5b94008c14ad39086c5c3239fe589d2ad51e0bc8023e01b5dae5a8f0069670b12cf0738c
SSDEEP

384:wgQXq8XVOB+vcZ8BjnZY1eBvyLfaHCtFOh3u41f9AquTxJ5hZxgtX7k+U3sX:wgQHXqZ8BDZm2itVI9cJJsrprX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 4016	1260	rundll32.exe	83
PID 1260 wrote to memory of 4016	1260	rundll32.exe	83
PID 1260 wrote to memory of 4016	1260	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\475e1acadf9c5792f35d4e4cbd127611_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\475e1acadf9c5792f35d4e4cbd127611_JaffaCakes118.dll,#1
  2⤵
  PID:4016

memory/4016-0-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download
memory/4016-1-0x00000000003E0000-0x00000000003E7000-memory.dmp

Filesize
28KB

Download