888e73ee4095509a1dbd713ebc2668c1aa5f6c50560fe01dfb0872119fb29967

Analysis

max time kernel
139s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 01:05

Target

019943e6e991221151919ba9ef14382a_JaffaCakes118.dll
Size

45KB
MD5

019943e6e991221151919ba9ef14382a
SHA1

0dacd2a77e11d7cfda3b1f35f3e84d1800e9a837
SHA256

888e73ee4095509a1dbd713ebc2668c1aa5f6c50560fe01dfb0872119fb29967
SHA512

ef2760d220c201cccacd1b3c31f922a3ec092a2b08079a43bf99663a9a8336c4d53528e40579fa15a7a4b2e5605913f13a047417c4f0a2db7846fde946fa74c9
SSDEEP

768:jOGqkF7aVsz9GczcFb4p2MeuVdWs3hCUQIzLOk//xDwtwoqYcDh0Lvy1cccccp:6GqO7aVsZiI3LVF3FOkxDwtwoTt7b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 116	3016	rundll32.exe	90
PID 3016 wrote to memory of 116	3016	rundll32.exe	90
PID 3016 wrote to memory of 116	3016	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\019943e6e991221151919ba9ef14382a_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\019943e6e991221151919ba9ef14382a_JaffaCakes118.dll,#1
  2⤵
  PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4484,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
1⤵
PID:4920

memory/116-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download