10b7655d26c3a7fc23ea6179c7853f1ce073511a9785a3dc54670daff521291d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2024 12:16

Target

179f8339027039863bb21cbf05cb03f2_JaffaCakes118.dll
Size

1.1MB
MD5

179f8339027039863bb21cbf05cb03f2
SHA1

183e32a22c21743b0b4dde9d186450a53cacc2d0
SHA256

10b7655d26c3a7fc23ea6179c7853f1ce073511a9785a3dc54670daff521291d
SHA512

0141796b8f06ba7a8ecfaaac63b6d7c2a567e50d0ee99ac7f8a242093b31c74e17c9150efe800ed2ab015dbb23ab8fed8b5b08331829788dbbeb4bd275b3d33c
SSDEEP

24576:x5ZIU3ZZYvxM5n0gF97oIlYIJxrzkpakUwguJjf6:FIMegfF9ze65zkAkUI6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4668 wrote to memory of 1904	4668	rundll32.exe	rundll32.exe
PID 4668 wrote to memory of 1904	4668	rundll32.exe	rundll32.exe
PID 4668 wrote to memory of 1904	4668	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\179f8339027039863bb21cbf05cb03f2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\179f8339027039863bb21cbf05cb03f2_JaffaCakes118.dll,#1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4156 --field-trial-handle=2304,i,6987730730348465820,3913273227385401271,262144 --variations-seed-version /prefetch:8
1⤵
PID:1168