e0b91e140ffc9cd6df6a95e24829c1db3042a6bb98321b3ad64ce9025edd326b

Analysis

max time kernel
112s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 06:34

Target

667eb94b9cfba3e7754422bf4d055b64_JaffaCakes118.dll
Size

20KB
MD5

667eb94b9cfba3e7754422bf4d055b64
SHA1

4ac0f313acfd419762d5b451f8564e8e9877d791
SHA256

e0b91e140ffc9cd6df6a95e24829c1db3042a6bb98321b3ad64ce9025edd326b
SHA512

dc9be514c18c532ce7337370d2954d5311c89f87daafe4e645e23ea341c5602eb3ffa07c113651273b5f89c865fb17c34f1ee90054b9e17468a68a08c3ae4bb0
SSDEEP

48:qWyjFXAQJHHodcVnugya//QgTgXo4oZnxo9chVmVQSRSyrNjC/YqkhGqwGeXnV:ZyBounu5aXd04PJ6YYVk1nknLk

Score

5^/10

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\service\dllw.txt	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\service\dll1.txt	rundll32.exe
File created	C:\Windows\SysWOW64\service\dll1.txt	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\service\dll2.txt	rundll32.exe
File created	C:\Windows\SysWOW64\service\dll2.txt	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\service\dllw.txt	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 916	3332	rundll32.exe	84
PID 3332 wrote to memory of 916	3332	rundll32.exe	84
PID 3332 wrote to memory of 916	3332	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\667eb94b9cfba3e7754422bf4d055b64_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\667eb94b9cfba3e7754422bf4d055b64_JaffaCakes118.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:916

memory/916-0-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download