64f4f692b32dd73a9eaa59daa55ef4fcf527c9132fa6a83a809c29bd0846cd61

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 11:08

Target

a95b4faf3336025e36399ae3b19db643_JaffaCakes118.dll
Size

212KB
MD5

a95b4faf3336025e36399ae3b19db643
SHA1

b667ce20764a34f32d00787706abe7392b79a991
SHA256

64f4f692b32dd73a9eaa59daa55ef4fcf527c9132fa6a83a809c29bd0846cd61
SHA512

c6b6f6b3b1eb27f3e02f8d6fc0cb40a04b54cbb582876d786c73201f578787215c4939f3325809324624c693d1d3c4f2e92b154fcc24631cc17af4657a8389de
SSDEEP

6144:yWZ7CamC0bh2VIaVKPjF+ucHCQs0hG5YKGuMSYd:tWy0bhLPjFAHM0hG5Zv/k

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 1236	2984	rundll32.exe	89
PID 2984 wrote to memory of 1236	2984	rundll32.exe	89
PID 2984 wrote to memory of 1236	2984	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a95b4faf3336025e36399ae3b19db643_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a95b4faf3336025e36399ae3b19db643_JaffaCakes118.dll,#1
  2⤵
  PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4368,i,5047420736443372512,9747851268033796534,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:8
1⤵
PID:1188

memory/1236-0-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download