ee7028870073794f1ba3db406130621a5ca778668805b4b6308b68c67be9cb28

Analysis

max time kernel
93s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 00:26

Target

476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll
Size

2.1MB
MD5

476f4d6d64a1bc94e23d65a08e0baaab
SHA1

e1fc9949ceddf488f60e0ee36c32b6518862de73
SHA256

ee7028870073794f1ba3db406130621a5ca778668805b4b6308b68c67be9cb28
SHA512

c1aaa969befe82e590149ba18c85b40fb39f3128ab4df6aa952da967e2ca4b5e6d0bb073a377d48606c9c84d29454d3eae76752de98cc2b9b8c2dca9ec724748
SSDEEP

24576:YDsmV1zzMTn+byEFtcjNtscfpFVp7pdNWJqk+m7WbMKwfq5P2wq9qHM4ZBjbTBlA:osmT47+7FiB+cfRWkkjY5qUHj1FhW8q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 228	2776	rundll32.exe	85
PID 2776 wrote to memory of 228	2776	rundll32.exe	85
PID 2776 wrote to memory of 228	2776	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\476f4d6d64a1bc94e23d65a08e0baaab_JaffaCakes118.dll,#1
  2⤵
  PID:228

memory/228-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download