228274ec59d4df252066f25d53a4ab46a5faae4690fbc893cbd516bfdeaeff77

Analysis

max time kernel
125s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 10:27

Target

f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll
Size

212KB
MD5

f58f99e9d62b7626b612be6bce4980b7
SHA1

82d680de6dd3c5405b2054e729f11ba2e4aa37a7
SHA256

228274ec59d4df252066f25d53a4ab46a5faae4690fbc893cbd516bfdeaeff77
SHA512

0035f6af608c7b76512aadcaeb7f73f34704663e87e1de441b73529aa69bb1eb3eb11001b0c0ece5854b3bd2dad75d0928cd2b345f60b3a292c5e126a6aa1bdb
SSDEEP

6144:4sRcD8u1T9zltjV6XeoOow+AOqYPDixq:4sCD8u19zleeopPZixq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 1532	4892	rundll32.exe	92
PID 4892 wrote to memory of 1532	4892	rundll32.exe	92
PID 4892 wrote to memory of 1532	4892	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f58f99e9d62b7626b612be6bce4980b7_JaffaCakes118.dll,#1
  2⤵
  PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3916,i,10943981808815347339,15838841970612097850,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:8
1⤵
PID:3200