b53f7cbf6b7cfbadd98d50abdf9ff34b1128eea09c431e95841427573427eae8

Analysis

max time kernel
94s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:53

Target

61bcc081e42bed641e9c69b6634fb960_JaffaCakes118.dll
Size

372KB
MD5

61bcc081e42bed641e9c69b6634fb960
SHA1

45e3dbffdb97cd53dbd24bd8cf2ddc6cbf6b995a
SHA256

b53f7cbf6b7cfbadd98d50abdf9ff34b1128eea09c431e95841427573427eae8
SHA512

ba0afa080c0987404f701f3df63fe01ca90c6255583ac2ab1fd8809479340a0a2ccab27ebf9d0e78e3ebf5a9ea6a2a77eb6a489e08435d0337ee2e073a975afb
SSDEEP

6144:DYefZYg3u8quPuXLehEfHEFpf4wUyxdjzFGOXZdnbr6gHDkc:DHYg3HI/ofnXzb+gjk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 4244	2296	rundll32.exe	86
PID 2296 wrote to memory of 4244	2296	rundll32.exe	86
PID 2296 wrote to memory of 4244	2296	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bcc081e42bed641e9c69b6634fb960_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bcc081e42bed641e9c69b6634fb960_JaffaCakes118.dll,#1
  2⤵
  PID:4244

memory/4244-0-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/4244-1-0x0000000002950000-0x0000000002A50000-memory.dmp

Filesize
1024KB

Download