944622fb2971d380955059af5f379c2525556d1a0b747dac73ea5cf0b9eb7e08

Analysis

max time kernel
93s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 09:41

Target

670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll
Size

265KB
MD5

670f430cb84c8c5e12ba19f82befc434
SHA1

b45ad6adac2f8099dfc4731eddcf41e257d6c219
SHA256

944622fb2971d380955059af5f379c2525556d1a0b747dac73ea5cf0b9eb7e08
SHA512

402814b4bd7cfda4e1183ed9fa6279d7bc2f0dc3764f4039dceae9fb31c3cb3b84b7b92d7e19f16db97f71d07a173ae2e06f8a4d6d785db356fbf88b8421f2c2
SSDEEP

6144:byFKCz6hpn4G2+lKI6nCJ2uTEeX3OYHDsJC5yOTcJw3+ykFS2pddl0n4A0dhHZDO:byJc4F+llwuTEU3OYjyU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3316 wrote to memory of 3176	3316	rundll32.exe	84
PID 3316 wrote to memory of 3176	3316	rundll32.exe	84
PID 3316 wrote to memory of 3176	3316	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\670f430cb84c8c5e12ba19f82befc434_JaffaCakes118.dll,#1
  2⤵
  PID:3176

memory/3176-0-0x00000000026B0000-0x000000000276B000-memory.dmp

Filesize
748KB

Download
memory/3176-1-0x00000000026B0000-0x000000000276B000-memory.dmp

Filesize
748KB

Download
memory/3176-2-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download