35c1d0da90e476b098825a9c29a30b7be23fff241db9d9e98d2e8b5873c9d449

Analysis

max time kernel
95s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 12:38

Target

34c0b380e195005ead5bc9e6d52b63cf_JaffaCakes118.dll
Size

340KB
MD5

34c0b380e195005ead5bc9e6d52b63cf
SHA1

f8730e46b69b196049cf18281f45f88cd42ed663
SHA256

35c1d0da90e476b098825a9c29a30b7be23fff241db9d9e98d2e8b5873c9d449
SHA512

298140debd6c0cf24b0d8db534ece3859b92cc093d54fd8c69ed97dde1777f1ac9c0c62a86bfc87b36b8d39f565e495184aa8943585a93c70e54d6faeea9bf1c
SSDEEP

3072:wvA1p08RqEQAIVEd2gG/vNlo0JFx/pANyCm0PQEKR/JnXHWP:w206xWgGxLxWN40PDKR/JnX2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3756	4752	rundll32.exe	83
PID 4752 wrote to memory of 3756	4752	rundll32.exe	83
PID 4752 wrote to memory of 3756	4752	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c0b380e195005ead5bc9e6d52b63cf_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\34c0b380e195005ead5bc9e6d52b63cf_JaffaCakes118.dll,#1
  2⤵
  PID:3756