9661c815df446c1efdd8809f1f3a73ecac0eccd4e565b3a08953dbe5fe7fe75f

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 12:53

Target

49dd85ebb3ecd267b6d34480d41e1bc3_JaffaCakes118.dll
Size

8KB
MD5

49dd85ebb3ecd267b6d34480d41e1bc3
SHA1

4c7db69760a7c3d5c6c08ac63133b48cf389af7b
SHA256

9661c815df446c1efdd8809f1f3a73ecac0eccd4e565b3a08953dbe5fe7fe75f
SHA512

ddbf11bb901807de86a9a06f6e9bcbefe38a80e243422148e401431593c96d319b6a087271e89fb52bb34aed08cab59b681deced713ad425b5e2f67ce5a92594
SSDEEP

192:8ckSo+lemOk3V8gj94dDu9AxMj+ZDGboWkgUw9J:8jSAC8gqEaMj+ZCbo5i

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 4156	3068	rundll32.exe	83
PID 3068 wrote to memory of 4156	3068	rundll32.exe	83
PID 3068 wrote to memory of 4156	3068	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49dd85ebb3ecd267b6d34480d41e1bc3_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49dd85ebb3ecd267b6d34480d41e1bc3_JaffaCakes118.dll,#1
  2⤵
  PID:4156

memory/4156-0-0x0000000025000000-0x0000000025015000-memory.dmp

Filesize
84KB

Download