cf74a98b694d6addc28be26a056e5193aad2fcd4a97007599de0a7a19737c13c

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 12:43

Target

2a060a5bedbe2b3c1a2faa16c5f9e93d_JaffaCakes118.dll
Size

166KB
MD5

2a060a5bedbe2b3c1a2faa16c5f9e93d
SHA1

ae3a8228e4de6a84a8956b14d16272176260721e
SHA256

cf74a98b694d6addc28be26a056e5193aad2fcd4a97007599de0a7a19737c13c
SHA512

ed887ccdb7cc6d817c34ea685a8191f7066cb034f55d2aeb6a373a7ae635fd5dd8a439350ca466732e6c895777d95ce21c1eac4c7ffba8f92af3fda388467dee
SSDEEP

3072:JLFrb30BRtBZZg+i2ayyYOCWGPyLydrkxMT3QgKE5alsoJEUrZ:NJ0BXScFyfC3Hd4ygy5Vov

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4140 wrote to memory of 4656	4140	rundll32.exe	rundll32.exe
PID 4140 wrote to memory of 4656	4140	rundll32.exe	rundll32.exe
PID 4140 wrote to memory of 4656	4140	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a060a5bedbe2b3c1a2faa16c5f9e93d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a060a5bedbe2b3c1a2faa16c5f9e93d_JaffaCakes118.dll,#1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3760 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:3436