08bad6cd2ab370ee0e0d2f44335da64795df7be5e7a1a47d9b1c7550d98bb642

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 22:52

Target

651e93ea3dca3fd3adcd18bca3d93331_JaffaCakes118.dll
Size

88KB
MD5

651e93ea3dca3fd3adcd18bca3d93331
SHA1

bad8cf40b6f1b97a9cd88c680ec11b66661ad352
SHA256

08bad6cd2ab370ee0e0d2f44335da64795df7be5e7a1a47d9b1c7550d98bb642
SHA512

5e0f2b707d0310f4f13280cb6ebbc1206c4d372de349dc212d7787cc083d5d92d85e6deccbaa2376641d244f912906c308c7335076ca94605d8cb5bed4ed5827
SSDEEP

1536:Wnf7N3INgKSbEF8S2a44L6NjfVfKyCcG7ZP/sk:Wnf7N3INfSY+S2a4G6NjdfK+rk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 3148	5072	rundll32.exe	84
PID 5072 wrote to memory of 3148	5072	rundll32.exe	84
PID 5072 wrote to memory of 3148	5072	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\651e93ea3dca3fd3adcd18bca3d93331_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\651e93ea3dca3fd3adcd18bca3d93331_JaffaCakes118.dll,#1
  2⤵
  PID:3148

memory/3148-0-0x00000000005E0000-0x00000000005ED000-memory.dmp

Filesize
52KB

Download
memory/3148-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/3148-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/3148-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download