ae89cfeabb993fc7299a38d5c1bd70ac1969dfd2e8423fbbfd6d21ab61983b25

Analysis

max time kernel
93s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 05:49

Target

487c05f29bcaee7b9341fd71d9f3d7f3_JaffaCakes118.dll
Size

104KB
MD5

487c05f29bcaee7b9341fd71d9f3d7f3
SHA1

f1fe055830a92b17a7aa25438e3a76177e72a9e4
SHA256

ae89cfeabb993fc7299a38d5c1bd70ac1969dfd2e8423fbbfd6d21ab61983b25
SHA512

c4cb176acf72b2219745916dcfad18171c16446ba2869b1235687fc50d35612a7c881587fbd8c25832abe70a4c1c3d275281db2bb1b57b58fb276ae4c1e1fc24
SSDEEP

3072:avoDlY26SMkTthc73c5TLV+580weZj6x/05UF:FDq26bt0V+5802p0U

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 1980	1604	rundll32.exe	83
PID 1604 wrote to memory of 1980	1604	rundll32.exe	83
PID 1604 wrote to memory of 1980	1604	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\487c05f29bcaee7b9341fd71d9f3d7f3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\487c05f29bcaee7b9341fd71d9f3d7f3_JaffaCakes118.dll,#1
  2⤵
  PID:1980

memory/1980-0-0x0000000001150000-0x000000000115D000-memory.dmp

Filesize
52KB

Download
memory/1980-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1980-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1980-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1980-7-0x0000000001150000-0x0000000001151000-memory.dmp

Filesize
4KB

Download