10e0d9d4a73640b9c89e949d05a6e34dd2b5d2db2a99cff9c12a14ed3508b211

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 12:11

Target

49b896880f2833e44d29a481a34d8091_JaffaCakes118.dll
Size

51KB
MD5

49b896880f2833e44d29a481a34d8091
SHA1

7ede078bf15787ca8d11daf67422cf70ffaa54cb
SHA256

10e0d9d4a73640b9c89e949d05a6e34dd2b5d2db2a99cff9c12a14ed3508b211
SHA512

574be69cbad3177ae92e6107f2cee3d2e82ef5f6a142b43397bc1f7b1fab89fd00d71b396e2cf1102096e920d67cd412da079b6a00a82ab74ba3cac53d0144a6
SSDEEP

1536:BfQAl+7ovOcMeDzhYip0JvzRpKwzxTSP9T8Chq8S7:dQAl+p1Khhe72wNU8qq8S7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4240	4696	rundll32.exe	83
PID 4696 wrote to memory of 4240	4696	rundll32.exe	83
PID 4696 wrote to memory of 4240	4696	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b896880f2833e44d29a481a34d8091_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49b896880f2833e44d29a481a34d8091_JaffaCakes118.dll,#1
  2⤵
  PID:4240

memory/4240-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/4240-1-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download