3fd1d12b4527b3b599ec0f4325dfd44a61ddc2cad028ab36f97e910a6ca47a99

Analysis

max time kernel
132s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 06:09

Target

f9aab8706b932efa3934b38d21a527e6_JaffaCakes118.dll
Size

24KB
MD5

f9aab8706b932efa3934b38d21a527e6
SHA1

2ec1970dc7abb4c53efa8b898e991dd7d04ccfa9
SHA256

3fd1d12b4527b3b599ec0f4325dfd44a61ddc2cad028ab36f97e910a6ca47a99
SHA512

e13f058a19fed6596603b4d2de650558cbbe6149f862041a08223cbbe297aa700bc19922debfa1f428edfb8cf7ecdfbf75ef3551dc8219429e3f0e9e72c85901
SSDEEP

192:KsNGS9RWanc9Lht82SrBOUzk9m4VM8GjFVemPej8V1TqMXkI:KcG8W59LhtEQA/4O82FV9PS8VkwkI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 4848	4740	rundll32.exe	92
PID 4740 wrote to memory of 4848	4740	rundll32.exe	92
PID 4740 wrote to memory of 4848	4740	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9aab8706b932efa3934b38d21a527e6_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9aab8706b932efa3934b38d21a527e6_JaffaCakes118.dll,#1
  2⤵
  PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4056,i,7343566111344912903,8618626735805026283,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
1⤵
PID:4672