1c8eccd7da5e43e6ac3a6aae3aff9a8ba527b5de23c1a824c7160b1e41042614

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 09:38

Target

493c046eb3353493ebff73a5ec9d3d6a_JaffaCakes118.dll
Size

167KB
MD5

493c046eb3353493ebff73a5ec9d3d6a
SHA1

b5cb31689c07a04411147d0b5edf0beec213a244
SHA256

1c8eccd7da5e43e6ac3a6aae3aff9a8ba527b5de23c1a824c7160b1e41042614
SHA512

124384d810c7dd41de495982100f4948781ecbef60ac73fb444f9314cdda59cbbb78a9570d5d464a044e2a6d840080e535d5a79d60228f950f9b754092903fa5
SSDEEP

3072:IhX13vEvW23OOjK0EG9ls2Uu+nbfpkZLl6SMLPeHQJ1Y9dpDe1:IF13vE/tDsiKbfpk5QtPeHQn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2736	2232	rundll32.exe	83
PID 2232 wrote to memory of 2736	2232	rundll32.exe	83
PID 2232 wrote to memory of 2736	2232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\493c046eb3353493ebff73a5ec9d3d6a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\493c046eb3353493ebff73a5ec9d3d6a_JaffaCakes118.dll,#1
  2⤵
  PID:2736

memory/2736-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download