06c367e0ec581f47087aa3d7cf6215ab233c78b2c5021b44801007ccb94a4da3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 03:04

Target

4c8b84eacca2ba17fec75b883008b576_JaffaCakes118.dll
Size

65KB
MD5

4c8b84eacca2ba17fec75b883008b576
SHA1

3b564e3a31101e9a9fc9feb9788db40ae5e47ec2
SHA256

06c367e0ec581f47087aa3d7cf6215ab233c78b2c5021b44801007ccb94a4da3
SHA512

06bb5b6aeb95d67b510ef99d1cfe1d2950a048386d93a82399ff1bf9571e2964dd33f8665ef4bc6222d3e5ad78317419e498f2f2f0404d4e50235bda4e702827
SSDEEP

1536:JtDZ01dxFjUL91evJwDRxXIlFEOtJ5ZhFn0wcccccccc:JtDZkJjULHevJ2hIbEOL5PFn0wcccccI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 3924	4492	rundll32.exe	85
PID 4492 wrote to memory of 3924	4492	rundll32.exe	85
PID 4492 wrote to memory of 3924	4492	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c8b84eacca2ba17fec75b883008b576_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c8b84eacca2ba17fec75b883008b576_JaffaCakes118.dll,#1
  2⤵
  PID:3924

memory/3924-0-0x00000000027C0000-0x00000000028C0000-memory.dmp

Filesize
1024KB

Download
memory/3924-1-0x0000000074F00000-0x0000000074F12000-memory.dmp

Filesize
72KB

Download