58d6dc7ecd1047f39fdc7e240ff22830d66d053357d9ae88ac5ad9c37da5a057

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 12:47

Target

ff4ef172cee3cc3509645f33b8955098_JaffaCakes118.dll
Size

124KB
MD5

ff4ef172cee3cc3509645f33b8955098
SHA1

e5859ce36fca58be11950d0c9fe0bf6255f40256
SHA256

58d6dc7ecd1047f39fdc7e240ff22830d66d053357d9ae88ac5ad9c37da5a057
SHA512

9d4c52075a1d29241f5dfeb1f6136b360cebbdeb5d891aa1cc633375f807d62a818c89485c4ecb17589875455bb24eda3de932397c5fb226e6a35be5efcf41c2
SSDEEP

1536:XaFRGeCT15dDxGG0xgQVqeUi//IpNPkSTN2j28zSOs10V9jiACCKrpp1/hBSpu:XaFRwFDxGvxHd//Ip9w7SV2jCCE9ZBp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 2032	4860	rundll32.exe	91
PID 4860 wrote to memory of 2032	4860	rundll32.exe	91
PID 4860 wrote to memory of 2032	4860	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff4ef172cee3cc3509645f33b8955098_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff4ef172cee3cc3509645f33b8955098_JaffaCakes118.dll,#1
  2⤵
  PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:1344

memory/2032-0-0x0000000001240000-0x000000000124B000-memory.dmp

Filesize
44KB

Download
memory/2032-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download