0b20a06005948bd6e4631f38d67a915ae7fc28328a8188d42aa38611dbb869b4

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 09:02

Target

120360b6b5098c884b5e77e612f2e647_JaffaCakes118.dll
Size

1.0MB
MD5

120360b6b5098c884b5e77e612f2e647
SHA1

5aedc31e52b442b802802fa1f8d07824699df2b6
SHA256

0b20a06005948bd6e4631f38d67a915ae7fc28328a8188d42aa38611dbb869b4
SHA512

61f911ee787c4430cdf730ea50c7090d063e757722f4d5c36bc765cd0217526745daf69e653486350289d366c161a1b4df469eaff070d16e0521d32f31274659
SSDEEP

24576:VQp5BDvZNC/WMKnAcW8x9+bhrRQpBchXk3H7nbKbijLomF5S:WjDNC/WBnxGJRQpmS3j6iLA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2992	2960	rundll32.exe	90
PID 2960 wrote to memory of 2992	2960	rundll32.exe	90
PID 2960 wrote to memory of 2992	2960	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\120360b6b5098c884b5e77e612f2e647_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\120360b6b5098c884b5e77e612f2e647_JaffaCakes118.dll,#1
  2⤵
  PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:2392