fe510dcd548766fa5729d5fa3bf9f47689076497d2eee0902fb1daa990152d49

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 16:23

Target

9ecb6064b6d8a9e8029b8b6352c4bdc1_JaffaCakes118.dll
Size

78KB
MD5

9ecb6064b6d8a9e8029b8b6352c4bdc1
SHA1

74d2c0acb5b678c1c2d39552641d4ebb9cde9993
SHA256

fe510dcd548766fa5729d5fa3bf9f47689076497d2eee0902fb1daa990152d49
SHA512

2e0b14fe450442e2e23e46bc6217465dcd691ceaa2c117a555d8eab1be3e914e2c35a1a6fc9b57774e6d699a97268149027dfadcb412b15c0cc2e1d6859581c6
SSDEEP

1536:8XzMPW9WN+NJlr8BoXSDCkoBoFIboVMHODUPP8w38W9OnbcYn6miify:8XAPVXoXdkoBoFIboVJUPP8w38W9Onbx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 5016	3176	rundll32.exe	92
PID 3176 wrote to memory of 5016	3176	rundll32.exe	92
PID 3176 wrote to memory of 5016	3176	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ecb6064b6d8a9e8029b8b6352c4bdc1_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ecb6064b6d8a9e8029b8b6352c4bdc1_JaffaCakes118.dll,#1
  2⤵
  PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:2592