12bd15bd01ebfa9611b23106826bd11a9d96a1448775d4c3ffbdb95dea378ac2

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 16:59

Target

4a94d18d6f9d638effccf22ef9123226_JaffaCakes118.dll
Size

84KB
MD5

4a94d18d6f9d638effccf22ef9123226
SHA1

e01ebc1d55d51a1241056a1720b942d6409a3bed
SHA256

12bd15bd01ebfa9611b23106826bd11a9d96a1448775d4c3ffbdb95dea378ac2
SHA512

369dfc4a08c8e954c7b44aa7fc0aa7d51780a8e7707def7109e723c86fb70c5dc89ec25966910a6d32851869b7e3faa10a8a7c0c97049c9f863963e5c5ebea77
SSDEEP

1536:JaUDx4N59HGZ/LURvPgu0Ak3Dh6fR0qeCAFfmyIgjp6eg:JaUDWNmZ/YBPgu0Ak3DhIR0qetm3f

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 2228	4240	rundll32.exe	85
PID 4240 wrote to memory of 2228	4240	rundll32.exe	85
PID 4240 wrote to memory of 2228	4240	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a94d18d6f9d638effccf22ef9123226_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a94d18d6f9d638effccf22ef9123226_JaffaCakes118.dll,#1
  2⤵
  PID:2228

memory/2228-0-0x00000000013E0000-0x00000000013ED000-memory.dmp

Filesize
52KB

Download
memory/2228-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2228-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2228-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2228-7-0x00000000013E0000-0x00000000013E1000-memory.dmp

Filesize
4KB

Download