a5937eddbeacaa32c54c283702c3c30d70942a5b4f2bc8506f95738b5c19827c

Analysis

max time kernel
124s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 05:40

Target

f2ce42d8c22a803646f831331a062d16_JaffaCakes118.dll
Size

117KB
MD5

f2ce42d8c22a803646f831331a062d16
SHA1

3acfa21fcff254650eec286ceea069453e99b8a1
SHA256

a5937eddbeacaa32c54c283702c3c30d70942a5b4f2bc8506f95738b5c19827c
SHA512

3cd95b1359590009aceb859041b7eef0a2e3e36959ed2bf54a9663eac6610417239597479cefa6f3d6347a5490e132f1bbccd5bdf415a3973b74e9f98a9bcce9
SSDEEP

3072:34zmeBwtFrwGLVSa2xmrUk+MXD/E/omyuWr1Py:ymPthp5gIDc/dyuW5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3888 wrote to memory of 4784	3888	rundll32.exe	88
PID 3888 wrote to memory of 4784	3888	rundll32.exe	88
PID 3888 wrote to memory of 4784	3888	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2ce42d8c22a803646f831331a062d16_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2ce42d8c22a803646f831331a062d16_JaffaCakes118.dll,#1
  2⤵
  PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1440,i,5838972776061051553,16186488414347324308,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
1⤵
PID:1368