e76fb911d43941852d91d028941f6ac8914a227e6c84e43af09b4d1c25dbb0d8

Analysis

max time kernel
145s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 04:55

Target

fe7ae18af53c793a8d656bb97dd02dd2_JaffaCakes118.dll
Size

60KB
MD5

fe7ae18af53c793a8d656bb97dd02dd2
SHA1

9d910aeeac09ef3839833405df514298c86184fa
SHA256

e76fb911d43941852d91d028941f6ac8914a227e6c84e43af09b4d1c25dbb0d8
SHA512

047775f2f0d948bf46e65d186b3db444a53f4af67e4f9477eefbc6a057d92c405405073a92eb879869c24793aceef76fccd2193f46426489be7f4984e64d3f2b
SSDEEP

1536:385zqrYWYVw53Cr8PZPOsLFFbHNxaV8o6aSkuP:3izqrNGGq8PksLbbHN48onu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 3432	940	rundll32.exe	91
PID 940 wrote to memory of 3432	940	rundll32.exe	91
PID 940 wrote to memory of 3432	940	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7ae18af53c793a8d656bb97dd02dd2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe7ae18af53c793a8d656bb97dd02dd2_JaffaCakes118.dll,#1
  2⤵
  PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:1772

memory/3432-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download