037d57f0810e7c891c730c6f86d0eaefadd79fb703afdc666f051b236a887aea

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 06:47

Target

feb0bc1f639b7599db2da587b44ec364_JaffaCakes118.dll
Size

160KB
MD5

feb0bc1f639b7599db2da587b44ec364
SHA1

98aa75faddafe3517d68d1fab566b32ee94a0e57
SHA256

037d57f0810e7c891c730c6f86d0eaefadd79fb703afdc666f051b236a887aea
SHA512

790031896cbe072717db81b1cebc0cea6c76bebf137aa8728195a732a0756a06ecc996b5d4b6beabb5cecb25995c91aa4379084014ca45f7b97dbf9534e1c512
SSDEEP

3072:nU+DlRKLTVAgqbTAa/cpv3Nza0fxgrNTk1/b/QZQ16boOwIi99K:nU+DjKNFqbTAtd3OcAoOw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 656	4620	rundll32.exe	91
PID 4620 wrote to memory of 656	4620	rundll32.exe	91
PID 4620 wrote to memory of 656	4620	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\feb0bc1f639b7599db2da587b44ec364_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\feb0bc1f639b7599db2da587b44ec364_JaffaCakes118.dll,#1
  2⤵
  PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3908 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5484

memory/656-0-0x0000000002280000-0x00000000025AE000-memory.dmp

Filesize
3.2MB

Download
memory/656-1-0x0000000002280000-0x00000000025AE000-memory.dmp

Filesize
3.2MB

Download