42d5048681c199b746004a2f74c40f0ac5174f1980136e018a9c73319ef26a9d

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 09:09

Target

5fdefa3b12c87cc0cfbb8e445cc36542_JaffaCakes118.dll
Size

10.2MB
MD5

5fdefa3b12c87cc0cfbb8e445cc36542
SHA1

4b666ef0c06b8f8f3f430e6a5429a0255f166736
SHA256

42d5048681c199b746004a2f74c40f0ac5174f1980136e018a9c73319ef26a9d
SHA512

15ef849c6460bcffe883ded427f86f302006fe50ca2dbc9f8a4bc8dc6f5de38c4a67bc9f6ed4afeb03b15b547d1290a5c80d1593128c63ffb487936f65beca25
SSDEEP

98304:7C+l8NWii+2eHVijFNjv34NAjriHNRrsIPYOx6qbHkcAAUz5eykV7/iAXflijzJk:7CyDe1ITjwNAfitR4IxnO5eyyXf6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3736	2404	rundll32.exe	85
PID 2404 wrote to memory of 3736	2404	rundll32.exe	85
PID 2404 wrote to memory of 3736	2404	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fdefa3b12c87cc0cfbb8e445cc36542_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fdefa3b12c87cc0cfbb8e445cc36542_JaffaCakes118.dll,#1
  2⤵
  PID:3736

memory/3736-0-0x0000000002930000-0x000000000338D000-memory.dmp

Filesize
10.4MB

Download
memory/3736-1-0x0000000002930000-0x000000000338D000-memory.dmp

Filesize
10.4MB

Download