0cbfc8e200605126b802cc50005cf9f46310ba69e5e19c8d7e6324a91446f07e

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 18:15

Target

816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll
Size

284KB
MD5

816e573ee9272eb771cdfff05ecbad55
SHA1

c6a2df47312fc141019bf6e27c96e71701b8edc3
SHA256

0cbfc8e200605126b802cc50005cf9f46310ba69e5e19c8d7e6324a91446f07e
SHA512

33e5ed976b1429108497dc6137b45d96ce4410213e8395b91e51dee7ca401e29cdc8bb2aaf7742770589825022d8bfe17c79df8b67a6b01f4777c39c64a9097c
SSDEEP

6144:OwSDVSGloBLJjp7iEFfjeuHSxgjRxuShjFfUR3PrBtyx:sxlowKfiNxgjRICx03PrB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1248	1184	rundll32.exe	91
PID 1184 wrote to memory of 1248	1184	rundll32.exe	91
PID 1184 wrote to memory of 1248	1184	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\816e573ee9272eb771cdfff05ecbad55_JaffaCakes118.dll,#1
  2⤵
  PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
1⤵
PID:2988