434c9803dadbc395c31764cbf060ba2398a755d04b74d023fb8137344a64a57d

Analysis

max time kernel
54s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 01:04

Target

06794ea322e2fdbb1b04349a2f8b5ef2_JaffaCakes118.dll
Size

57KB
MD5

06794ea322e2fdbb1b04349a2f8b5ef2
SHA1

8368d04f4ee404dd50e0a784fe49843081fd0b63
SHA256

434c9803dadbc395c31764cbf060ba2398a755d04b74d023fb8137344a64a57d
SHA512

d711f83ae207667e61f5e7122981d70574c3c9bebcad19bb48ba3c03bcfa6383dc6785d08b064049d0978749f6400558c9bae43bb542540bf856982804cebec8
SSDEEP

768:3PeAPNjG3P+7O0RkyYIww49qeo+jFt8ruhv6u8IhZwnXqpJjHgapcaR2Z006iz+2:343P1IYZw49qCcyfTInoHTpnR2vVKZEf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1832	2120	rundll32.exe	85
PID 2120 wrote to memory of 1832	2120	rundll32.exe	85
PID 2120 wrote to memory of 1832	2120	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\06794ea322e2fdbb1b04349a2f8b5ef2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\06794ea322e2fdbb1b04349a2f8b5ef2_JaffaCakes118.dll,#1
  2⤵
  PID:1832