5740df7b1db21505bd174bcaad5573a927f395315de167eab2775dfffba94144

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 21:44

Target

00ac70c7d287b4ef6341fb5debdaec54_JaffaCakes118.dll
Size

68KB
MD5

00ac70c7d287b4ef6341fb5debdaec54
SHA1

0a363fd30522f8da4383b3764aa03c00ad4b1d29
SHA256

5740df7b1db21505bd174bcaad5573a927f395315de167eab2775dfffba94144
SHA512

ff5fd6e2917298842bac89352cdaee77625201a4907f079256328835a36916eb75e53596c5b287e6729a1bc79a122e0acccd03dbc85f18ad7bef71a096d12521
SSDEEP

1536:qfYdx0sRnqJb6BGbsV6ToBwMCFW/jqye:qf4x0cnql6BvCoBwMC0jql

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 3580	484	rundll32.exe	92
PID 484 wrote to memory of 3580	484	rundll32.exe	92
PID 484 wrote to memory of 3580	484	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00ac70c7d287b4ef6341fb5debdaec54_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00ac70c7d287b4ef6341fb5debdaec54_JaffaCakes118.dll,#1
  2⤵
  PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3096 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4172

memory/3580-0-0x0000000001190000-0x000000000119A000-memory.dmp

Filesize
40KB

Download
memory/3580-2-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download