9b873df2823c7cd08e619c129246d3addac575db1960ffa245430fe179846c52

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 07:35

Target

48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll
Size

183KB
MD5

48d37f23910cdc8c92ae5c92f9fc6c2d
SHA1

4e03e1f9c7b373c3769bf48460e2e60a0d8ad247
SHA256

9b873df2823c7cd08e619c129246d3addac575db1960ffa245430fe179846c52
SHA512

91f5c94ff13ff6e4fc02a9f53e2602341398482a95fe279cae1f3bcc73647c666cf9ed4fb37aece4c86942adde95a7f975ea5562048e61941a49200fbb885ae9
SSDEEP

3072:B9f3bXYVm+1eRg0AoT+JGuy+zq8fflpwnYlnptV:B97Um+1eG0AoT6Guy+ff9pWYlnpt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 3040	4868	rundll32.exe	83
PID 4868 wrote to memory of 3040	4868	rundll32.exe	83
PID 4868 wrote to memory of 3040	4868	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d37f23910cdc8c92ae5c92f9fc6c2d_JaffaCakes118.dll,#1
  2⤵
  PID:3040

memory/3040-0-0x0000000000010000-0x000000000004F000-memory.dmp

Filesize
252KB

Download