f180af3192b6020b98142be2e857d970ec9eca5d587cee4a6c9e4f8e6dddbd26

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 01:25

Target

4c3d920403f6ddf855471bb43c25c9cd_JaffaCakes118.dll
Size

96KB
MD5

4c3d920403f6ddf855471bb43c25c9cd
SHA1

72e3fea4b18fbedd9712f22e192d497bbd9d5771
SHA256

f180af3192b6020b98142be2e857d970ec9eca5d587cee4a6c9e4f8e6dddbd26
SHA512

8440819abdd3277b11960bb2a8a7e0a0caf95d53fcf93e48444095b961f4b6ead6b6e7c6b25a2b7627e3c6b6b4073c01f8da6cbb16d1d1f7f20244078e4a5a2b
SSDEEP

768:FrrX4SB6MAJBXRu3IckCjTdqypCTotwLSg8MPDr0:q2zAID30JxOg9Dw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 400	1096	rundll32.exe	83
PID 1096 wrote to memory of 400	1096	rundll32.exe	83
PID 1096 wrote to memory of 400	1096	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c3d920403f6ddf855471bb43c25c9cd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c3d920403f6ddf855471bb43c25c9cd_JaffaCakes118.dll,#1
  2⤵
  PID:400

memory/400-0-0x0000000025000000-0x0000000025018000-memory.dmp

Filesize
96KB

Download