7ffd80ca6bfd88a2b5df4be5cfedb2575d93debc6dea63941f71d35f20e03f7a

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 02:32

Target

47d84a5ab91db29a508bee0aab2fcb7a_JaffaCakes118.dll
Size

50KB
MD5

47d84a5ab91db29a508bee0aab2fcb7a
SHA1

7ba7803b935ff5cf27d85de63d7d7d3c79f76196
SHA256

7ffd80ca6bfd88a2b5df4be5cfedb2575d93debc6dea63941f71d35f20e03f7a
SHA512

7f94365998315295f1356d2c11f1cdbb0283d9df6bce3367ec87b43ea338db79e7ce79f85eaf90e5f94e008eea5a648e5b2191ea4eceaf3f8948c9ce622e26ab
SSDEEP

1536:L4XIGM+8/Bklrd6RrejN9Sn3If6WaJFeep6bA:atXOQjN9S3ISWaDp6bA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 640	4088	rundll32.exe	83
PID 4088 wrote to memory of 640	4088	rundll32.exe	83
PID 4088 wrote to memory of 640	4088	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\47d84a5ab91db29a508bee0aab2fcb7a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\47d84a5ab91db29a508bee0aab2fcb7a_JaffaCakes118.dll,#1
  2⤵
  PID:640

memory/640-0-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download