dc9bf2333329ab7355d4735fa2e3e6ddb1bb07929e2c977cfafd3be3aded9c94

Analysis

max time kernel
141s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 02:10

Target

5a0ca1e2771130410a11c3ffc0e86c0a_JaffaCakes118.dll
Size

76KB
MD5

5a0ca1e2771130410a11c3ffc0e86c0a
SHA1

e609fc6698ade8217e305675d7c200e4f33a2043
SHA256

dc9bf2333329ab7355d4735fa2e3e6ddb1bb07929e2c977cfafd3be3aded9c94
SHA512

137eb67caec78cb7c8c26ff6bcb95329425034e13d054b95d5d7103d996cf032f6a4b0b5e5db3bea3aafb40474ea724321c9e1204d17bdaa954df94a8ee79a8b
SSDEEP

768:q0dWDoPQ70q6VETjtDQcUd6EsJ4Szvu4Isw+OklOBz4pz4EKyTpLZd3BTiVQotJv:jI8YgVijHUUVDvuOuGR4EJ/dFEQo7WU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 4652	2520	rundll32.exe	84
PID 2520 wrote to memory of 4652	2520	rundll32.exe	84
PID 2520 wrote to memory of 4652	2520	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a0ca1e2771130410a11c3ffc0e86c0a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a0ca1e2771130410a11c3ffc0e86c0a_JaffaCakes118.dll,#1
  2⤵
  PID:4652

memory/4652-0-0x0000000000E20000-0x0000000000E2A000-memory.dmp

Filesize
40KB

Download
memory/4652-2-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/4652-7-0x0000000000E20000-0x0000000000E2A000-memory.dmp

Filesize
40KB

Download