80eb6de487248d8144056a6dd805780e54b9b6df50f39f9a2b38d1d36278fadf

Analysis

max time kernel
136s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 02:02

Target

01e312d75380f55951b0e0d520545a29_JaffaCakes118.dll
Size

6KB
MD5

01e312d75380f55951b0e0d520545a29
SHA1

846bb94fac45ff67e351ea402a67abecc3f342a8
SHA256

80eb6de487248d8144056a6dd805780e54b9b6df50f39f9a2b38d1d36278fadf
SHA512

3494144e21d4eef64da1fd51eac099ad83b350e0b429d81bee213c82e92ff1c0468b552871354b3892f97fddbe68f6b8ce32c20c6912518fb3ee408cd12f5e06
SSDEEP

48:aGycpK0ptbXbInpCdys9zTh38E4IIZWiw4z8XU5WwG2IozbC:xvLrTbjdysVTqeEW3E8XIWwG6b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 4240	544	rundll32.exe	90
PID 544 wrote to memory of 4240	544	rundll32.exe	90
PID 544 wrote to memory of 4240	544	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01e312d75380f55951b0e0d520545a29_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01e312d75380f55951b0e0d520545a29_JaffaCakes118.dll,#1
  2⤵
  PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4084,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:8
1⤵
PID:3220

memory/4240-0-0x0000000000D90000-0x0000000000D96000-memory.dmp

Filesize
24KB

Download