216176dc644a3d7cdb523a6f6b352aa96674e6e2e9b52798b237069c6d2f313a

Analysis

max time kernel
126s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 02:06

Target

b1404c414e19502b68acb441a8e74f9c_JaffaCakes118.dll
Size

2.0MB
MD5

b1404c414e19502b68acb441a8e74f9c
SHA1

945a08ceae17e71979558eb7b5a5af1d65ee94fc
SHA256

216176dc644a3d7cdb523a6f6b352aa96674e6e2e9b52798b237069c6d2f313a
SHA512

82f4cead3f55fa0958c4a647f071b81d3b57f260ba4adcdb7af0e89a6d3f4e10d8848d459f57deb33a5a3b3cd026868b3428eb95c45dbfca9553d827c945a0cb
SSDEEP

49152:CNPvbhREMw6USDdA6D2/O7fXbeZULDQzJXuQ:0REX6USDZa2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 2808	1532	rundll32.exe	91
PID 1532 wrote to memory of 2808	1532	rundll32.exe	91
PID 1532 wrote to memory of 2808	1532	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1404c414e19502b68acb441a8e74f9c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1404c414e19502b68acb441a8e74f9c_JaffaCakes118.dll,#1
  2⤵
  PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3920,i,5229431749694857451,16836185654682871752,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
1⤵
PID:1448