34b674c755d4db95787f8eb6943ef56a164005d5984ccb833ff9e8ac924463e6

Analysis

max time kernel
95s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 18:40

Target

3a4eb60fa71bb73aa621bac2e97b41de_JaffaCakes118.dll
Size

19KB
MD5

3a4eb60fa71bb73aa621bac2e97b41de
SHA1

02b2b61a386d4cbdfb620df4ff1e0592555b3804
SHA256

34b674c755d4db95787f8eb6943ef56a164005d5984ccb833ff9e8ac924463e6
SHA512

874295c8df368bab0efbdf3e9f818d9898a666ee5d5a7f8dde539597a8a3e2ca1478aa376746648e0f699c64a9e01bd9c7dab80e208001b12377ff230bc049ab
SSDEEP

384:iQGT8SyRewSJprjrFnnCp7/bBWYDOoO9jq91I:iQG47RewSJJjrFCllFDOLW91I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 4416	648	rundll32.exe	84
PID 648 wrote to memory of 4416	648	rundll32.exe	84
PID 648 wrote to memory of 4416	648	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a4eb60fa71bb73aa621bac2e97b41de_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a4eb60fa71bb73aa621bac2e97b41de_JaffaCakes118.dll,#1
  2⤵
  PID:4416