f875c45fb2278e84b6aeecef036d6dc436eb88d94c025f867e9e798fb30a4490

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 00:45

Target

018163cdb9a30e63530bf27aca4f8003_JaffaCakes118.dll
Size

37KB
MD5

018163cdb9a30e63530bf27aca4f8003
SHA1

93c2ef284ee0b0f7c53826f983a24cc68e6239d1
SHA256

f875c45fb2278e84b6aeecef036d6dc436eb88d94c025f867e9e798fb30a4490
SHA512

3d8ecfe83a5981f3ffcc6cf23ebec7f70afdbf40459eef049cdfdf00c528048820e0dd8039d11b58f153cb11ecc1506ab5c284e5b805745b82e573bbef0e408f
SSDEEP

768:oBaJkIUVTwbO8dKhgDgoa0jDIJC1Mqi4uKjlHIPISH:RkI4rBxoagIk1Mqi4usoX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91
PID 5008 wrote to memory of 2132	5008	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\018163cdb9a30e63530bf27aca4f8003_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\018163cdb9a30e63530bf27aca4f8003_JaffaCakes118.dll,#1
  2⤵
  PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:4540