7569317faf1da0c9c561cfba0e4406a767cb915a12633f58417c3f5966167e55

Analysis

max time kernel
143s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 10:13

Target

6728f361a77909bf1a30d0dbdec3d3ee_JaffaCakes118.dll
Size

130KB
MD5

6728f361a77909bf1a30d0dbdec3d3ee
SHA1

f43484150cb73d5394f27e2d0c059c5acdcb4651
SHA256

7569317faf1da0c9c561cfba0e4406a767cb915a12633f58417c3f5966167e55
SHA512

951917bda4ee61f06d0496d93c5803f70723e6d4692803ed70cef56cbd246072f49376f67b3d44feaf0ed85a3a354b529a535904f875efd7e2086e4a24160439
SSDEEP

3072:XBTrJFpApS7h4zYnbw3QlqcTQoF7AqyvfmW0gQ:XJrJYwScgQ0ckDV0f

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2280	2288	rundll32.exe	84
PID 2288 wrote to memory of 2280	2288	rundll32.exe	84
PID 2288 wrote to memory of 2280	2288	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6728f361a77909bf1a30d0dbdec3d3ee_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6728f361a77909bf1a30d0dbdec3d3ee_JaffaCakes118.dll,#1
  2⤵
  PID:2280

memory/2280-0-0x000000006DA40000-0x000000006DA65000-memory.dmp

Filesize
148KB

Download