1634841c5af62a42bd682dca17f9f6db6cfe15e6c7c44b7cfa3cfbfc78fa28af

Analysis

max time kernel
133s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2024 08:51

Target

943906dd392705bce3d0966078e72e8f_JaffaCakes118.dll
Size

840KB
MD5

943906dd392705bce3d0966078e72e8f
SHA1

5a82146e4e64a9c28c25c4ae9bcaa926db3aa64d
SHA256

1634841c5af62a42bd682dca17f9f6db6cfe15e6c7c44b7cfa3cfbfc78fa28af
SHA512

8bc98729db0044915a83d8048eedefa183a9eefb122a472d27a61e24708b199d719e6722f21d04c48d24d94cf0b5ebe4f21465ae327341bdc966f32aa92cf656
SSDEEP

12288:JWxrh0Ozt5/DsTW3wRjNPqU8VyPwl/e0w/eT+TGCmAqN9SLFtRsocy5:JWrlt5pAdNP5Pw5g3Tm/8cS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 1924	4824	rundll32.exe	90
PID 4824 wrote to memory of 1924	4824	rundll32.exe	90
PID 4824 wrote to memory of 1924	4824	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\943906dd392705bce3d0966078e72e8f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\943906dd392705bce3d0966078e72e8f_JaffaCakes118.dll,#1
  2⤵
  PID:1924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,6166776566165096562,4582328833313060853,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:8
1⤵
PID:3424