1d7023f7e7344c3115724c1b657a00249077230718c2caba378d9fba1f65c70a

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 09:23

Target

4db29c55dd3624b5ff4f9c605aeebbe6_JaffaCakes118.dll
Size

252KB
MD5

4db29c55dd3624b5ff4f9c605aeebbe6
SHA1

69a170dad73449301e7d826dc254268a0c10abbd
SHA256

1d7023f7e7344c3115724c1b657a00249077230718c2caba378d9fba1f65c70a
SHA512

1264085afbea324d435b6662a73739a11f30b45e44cff655c7e4c83dcd33ec98dc43b7b8374fbc5dab10d3ff7063d0929a3da4b82d6b42026a7fd783556df7c2
SSDEEP

6144:SJeY8iOf7hVl/sXBSrS/vw/SbpkZ2CycZ65CWj047RFBd:SfEDyXU+fCr0XT7Dj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 4592	1676	rundll32.exe	83
PID 1676 wrote to memory of 4592	1676	rundll32.exe	83
PID 1676 wrote to memory of 4592	1676	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4db29c55dd3624b5ff4f9c605aeebbe6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4db29c55dd3624b5ff4f9c605aeebbe6_JaffaCakes118.dll,#1
  2⤵
  PID:4592

memory/4592-0-0x0000000000010000-0x000000000004F000-memory.dmp

Filesize
252KB

Download