08bb66d2b4fcc8f7a35dbb44f96a9b7343e52628afb1a11ec58a691134d0ce6a

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 13:30

Target

67c619be002b8b268239f262a36f820c_JaffaCakes118.dll
Size

565KB
MD5

67c619be002b8b268239f262a36f820c
SHA1

729994aae8cfbf53aa9fab026e627678ace40e48
SHA256

08bb66d2b4fcc8f7a35dbb44f96a9b7343e52628afb1a11ec58a691134d0ce6a
SHA512

608af3c173f531953777494cbef5bcecf6000c5384e04fcb9f1c3ba2a9838e8c351bddd8764f8c76a89a26845889e14f8ba9acad1177675c0fe831a4033b7916
SSDEEP

12288:wIYz98rNL4c7Wxqgmt4KWbtMp/mID7HUBcwJU/dXywGqAlUYcKvD:KJ8pL4Fqgmpp/H2cwJUFCwHYc6D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 900	4776	rundll32.exe	84
PID 4776 wrote to memory of 900	4776	rundll32.exe	84
PID 4776 wrote to memory of 900	4776	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\67c619be002b8b268239f262a36f820c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\67c619be002b8b268239f262a36f820c_JaffaCakes118.dll,#1
  2⤵
  PID:900

memory/900-0-0x0000000020000000-0x0000000020008000-memory.dmp

Filesize
32KB

Download