439b005f40f4f557e046e75e01d9dc5dd163c130243c735525542f36690318d8

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:25

Target

0331691093adfbe82ef107f91e1e93b0_JaffaCakes118.dll
Size

128KB
MD5

0331691093adfbe82ef107f91e1e93b0
SHA1

21d1cf9c484d394f9aa9df4fb7a00e058804c6b0
SHA256

439b005f40f4f557e046e75e01d9dc5dd163c130243c735525542f36690318d8
SHA512

ed2e2115a2ce014db86c750111b297b37e7294e14bf60bb373bcb1fab2c1c70c4fc81d0b2255c5df763557f9c2ccec9facb0d189c1d946d06b9a21a42d35915d
SSDEEP

384:HeYT0opIyPY9t3SB0JJcD6dRNJI3vtUfOiDzQqoad8c0SL2MehB9ybBJtmvuZF:HeYN7PvpD6dpI3vtziDtodh6brcvq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 5092	1600	rundll32.exe	92
PID 1600 wrote to memory of 5092	1600	rundll32.exe	92
PID 1600 wrote to memory of 5092	1600	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0331691093adfbe82ef107f91e1e93b0_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0331691093adfbe82ef107f91e1e93b0_JaffaCakes118.dll,#1
  2⤵
  PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
1⤵
PID:4172

memory/5092-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download