7b4c76d18a5976267d498b3ed6f7307c043926d2f3bf7f354528b4c0c8f588ae

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 12:57

Target

3934d473e3b259d4287a828253299c4a_JaffaCakes118.dll
Size

98KB
MD5

3934d473e3b259d4287a828253299c4a
SHA1

b96961bbf0881507b306790e7a19088ee50522a5
SHA256

7b4c76d18a5976267d498b3ed6f7307c043926d2f3bf7f354528b4c0c8f588ae
SHA512

559affbdf36b5faf7971478e121391266fbe6f406040777318c7ba35ed00fe9460d01a393d42fc6a8f5e1b2e3ea139945d4d241600032f77d43b4fa955eadc57
SSDEEP

3072:T0GjoP/qtsp3cFIDwtlcdqz6/f1FkU7hzHb:wGjE/qTF1lkmSf1KU7d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4120	2980	rundll32.exe	83
PID 2980 wrote to memory of 4120	2980	rundll32.exe	83
PID 2980 wrote to memory of 4120	2980	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3934d473e3b259d4287a828253299c4a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3934d473e3b259d4287a828253299c4a_JaffaCakes118.dll,#1
  2⤵
  PID:4120