b01e03e61fd70b5fb468aaf1a74be395497247d7d4982678dca8300176e0dd7c

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-06-2024 08:16

Target

044b83136da2923efa03f77d5bd77091_JaffaCakes118.dll
Size

90KB
MD5

044b83136da2923efa03f77d5bd77091
SHA1

2dda8e300142d04e8bcd356915aa5cd7474a3457
SHA256

b01e03e61fd70b5fb468aaf1a74be395497247d7d4982678dca8300176e0dd7c
SHA512

77305163abdbfa2698a2694f58c31dba2f33a02396086f1b83456f9f6ef222977004f9babd497718a7cb966ce51f39fb25897a11d35cb27ac5a08c14c12482b7
SSDEEP

1536:LjM5+Wq01iO2JuwHHDBTFTbaD4PcwrINB6nr8oeUxCN:vM7BfriH1TxGkPirmxCN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 1984	4248	rundll32.exe	91
PID 4248 wrote to memory of 1984	4248	rundll32.exe	91
PID 4248 wrote to memory of 1984	4248	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\044b83136da2923efa03f77d5bd77091_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\044b83136da2923efa03f77d5bd77091_JaffaCakes118.dll,#1
  2⤵
  PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3972 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
1⤵
PID:3716