8d4f8195d224286d3a0f32413fd29dc5aa5d2043c7602cae2af23d50e73bac35

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-06-2024 19:47

Target

0034b9eddb974c67058b49e2ccf9b6c0_JaffaCakes118.dll
Size

26KB
MD5

0034b9eddb974c67058b49e2ccf9b6c0
SHA1

04a7553b7591878ec4fa3de7d9c8e07ef9fc1ea6
SHA256

8d4f8195d224286d3a0f32413fd29dc5aa5d2043c7602cae2af23d50e73bac35
SHA512

639f4151806490e638e504a44f6708d8176a15e0c3beda077a7c3abf3a4cb714810ecfa3cf8ccfcf9fe629f16a24fc26c058de2c1189076ae79a01c124a302fd
SSDEEP

768:9nE2x79NgRmiM3SUKV/H4xRIkFkMRAseODXwgev:9E2x2VNV/YN2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 3352	4544	rundll32.exe	91
PID 4544 wrote to memory of 3352	4544	rundll32.exe	91
PID 4544 wrote to memory of 3352	4544	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0034b9eddb974c67058b49e2ccf9b6c0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0034b9eddb974c67058b49e2ccf9b6c0_JaffaCakes118.dll,#1
  2⤵
  PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4552