609657533a0ecd10203dfd2a6f930b72eb6c05178970ab916bf676e92d8e27c7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 13:18

Target

60a520861a96f2c9b2b11cdc1ad70afd_JaffaCakes118.dll
Size

68KB
MD5

60a520861a96f2c9b2b11cdc1ad70afd
SHA1

4556d83a6e1d37d158ebb8b71d0b516a5390ad4c
SHA256

609657533a0ecd10203dfd2a6f930b72eb6c05178970ab916bf676e92d8e27c7
SHA512

f7c9820d3924e64681d969f5ee769e4e227bb7116d1ce808bc9a84ae6589e4f671762a8b0f0e4134daa85fd0e5868948dfa12a685aa84be5f91a27b5a53e2d87
SSDEEP

1536:j+75EBFp3vOmvKyno/iZnYgYTABgjee7AGfGb+Mwb:XBn3WM/oWnx+neerOb+v

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 552	4892	rundll32.exe	84
PID 4892 wrote to memory of 552	4892	rundll32.exe	84
PID 4892 wrote to memory of 552	4892	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a520861a96f2c9b2b11cdc1ad70afd_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60a520861a96f2c9b2b11cdc1ad70afd_JaffaCakes118.dll,#1
  2⤵
  PID:552

memory/552-0-0x0000000000A60000-0x0000000000AA7000-memory.dmp

Filesize
284KB

Download
memory/552-1-0x0000000000A60000-0x0000000000AA7000-memory.dmp

Filesize
284KB

Download