a84f1fc64f609e7ada50303a1c6ac8ab974b40c9e6beda82f66f8868b868331a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 03:46

Target

4caf8f7a5bc99f11a6f8b4507f212ea7_JaffaCakes118.dll
Size

18KB
MD5

4caf8f7a5bc99f11a6f8b4507f212ea7
SHA1

056eb673e73559c12a042ba32c151ef6b81b398b
SHA256

a84f1fc64f609e7ada50303a1c6ac8ab974b40c9e6beda82f66f8868b868331a
SHA512

f2b44f800335b2d280a83b245a48a80cc14ea5e58380a73cfe475d70ae068d6dd1ae9419d51fc2b33ae9fb886285361edd4bb44bc6b7640ae543da983cfb29ba
SSDEEP

384:uORdCyiYMqlWjDmQq8uNOdA4JUw2p2yzAzdeTzE:uCCycqlUDmQYF4J+Yy8d0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 2124	3440	rundll32.exe	83
PID 3440 wrote to memory of 2124	3440	rundll32.exe	83
PID 3440 wrote to memory of 2124	3440	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4caf8f7a5bc99f11a6f8b4507f212ea7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4caf8f7a5bc99f11a6f8b4507f212ea7_JaffaCakes118.dll,#1
  2⤵
  PID:2124

memory/2124-0-0x0000000000830000-0x000000000083A000-memory.dmp

Filesize
40KB

Download