9b7a735d1d82ac25221f60fb1a4f8c1a044cc86f3a81619f3970011945d50606

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 02:26

Target

4c6d8ff1328e2c6e32f4c3681a8b2091_JaffaCakes118.dll
Size

84KB
MD5

4c6d8ff1328e2c6e32f4c3681a8b2091
SHA1

d4d773d02af1624d86cbe5b51ac234c033a66e2d
SHA256

9b7a735d1d82ac25221f60fb1a4f8c1a044cc86f3a81619f3970011945d50606
SHA512

8758863b8076676754f963fc0f83e2de7b6cd2684ce2099f7737da5e7e94ee31bb24671fcf0be60f2287a59ac5bb3156462d4da2af3bb7438a34245a231fad20
SSDEEP

1536:qs3eLjW0OrV1W4TulGqCOlK20yBk9nyf8i6PZb+BnRc+Ez6u:qLHW0OZTPOTtBk5yN6PeRcB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 3132	2232	rundll32.exe	83
PID 2232 wrote to memory of 3132	2232	rundll32.exe	83
PID 2232 wrote to memory of 3132	2232	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c6d8ff1328e2c6e32f4c3681a8b2091_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c6d8ff1328e2c6e32f4c3681a8b2091_JaffaCakes118.dll,#1
  2⤵
  PID:3132

memory/3132-0-0x0000000010000000-0x0000000010019000-memory.dmp

Filesize
100KB

Download