681d5c2676911197c292311787e0788a9f9c468f6380ce7033722a6c6234146a

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:23

Target

82e2599cc4024e5b53acf1fbf84b3d46_JaffaCakes118.dll
Size

4KB
MD5

82e2599cc4024e5b53acf1fbf84b3d46
SHA1

f10bd164cc89b9309546d2e686bb5fc0fa2ec38a
SHA256

681d5c2676911197c292311787e0788a9f9c468f6380ce7033722a6c6234146a
SHA512

8e3445eb5cfe79b155505c7e2aa9139c873387ff08dc213f1832097dd73da0c068922dc59f85ea8525ea51bef146aaa7539e65de3199d11f70d870390c0582e6
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJDGbfy7gSQlPLK/v5sS4:MTWnRZ0lJDuyG8sd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4012	228	rundll32.exe	90
PID 228 wrote to memory of 4012	228	rundll32.exe	90
PID 228 wrote to memory of 4012	228	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\82e2599cc4024e5b53acf1fbf84b3d46_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\82e2599cc4024e5b53acf1fbf84b3d46_JaffaCakes118.dll,#1
  2⤵
  PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3708 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
1⤵
PID:1924