9133cdff4386c24cd3eec3b86fb870d48049b7b5a033b0118a0af71dbac87b4f

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 20:15

Target

f43e5e8edec153d0f14b0645539eb8b6_JaffaCakes118.dll
Size

28KB
MD5

f43e5e8edec153d0f14b0645539eb8b6
SHA1

c57850ad1a42bab9505664a889a25af202278df0
SHA256

9133cdff4386c24cd3eec3b86fb870d48049b7b5a033b0118a0af71dbac87b4f
SHA512

ce555c6cd9f5ea1ab896d28318e582edfbdb246b754e0c2258566aae886a73377de55d9508e992c280830e61c83e10aaa4ed36726fb934ca933c14a49abd6575
SSDEEP

768:Qs5WdqI2wCtTuzThq28GkHGOat5KxLBH9:Qs5WdS/GqVGkecVh9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 3432	3404	rundll32.exe	91
PID 3404 wrote to memory of 3432	3404	rundll32.exe	91
PID 3404 wrote to memory of 3432	3404	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f43e5e8edec153d0f14b0645539eb8b6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f43e5e8edec153d0f14b0645539eb8b6_JaffaCakes118.dll,#1
  2⤵
  PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:1640