c4da827e9bb47590879c44ad278bf07698cbe8ffba6506bf7c929e57936edd61

Analysis

max time kernel
140s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23/06/2024, 23:37

Target

046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll
Size

261KB
MD5

046321d58a630bd0e1ef819231d33852
SHA1

879ad817e0b5d47ca58b4fae0954267fa7b7041c
SHA256

c4da827e9bb47590879c44ad278bf07698cbe8ffba6506bf7c929e57936edd61
SHA512

9a94e6ba26eeeecdef5cd1cf9a9fdf7b22fdb56c26492c7f227986811e7954f939f8af21f3ad95f942335f8cb00b74352efd9adc01234a801f7e8968bbf259af
SSDEEP

6144:oueNwFt9jg01FmylTzY60bIwLiT4wHJekzxHp6B5D:OAc01FmytzYxIwLbwHJeklpK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1680	2432	rundll32.exe	91
PID 2432 wrote to memory of 1680	2432	rundll32.exe	91
PID 2432 wrote to memory of 1680	2432	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\046321d58a630bd0e1ef819231d33852_JaffaCakes118.dll,#1
  2⤵
  PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:4996