867bc31be496224955bccdeb5b99cc6d0cfdcce43e3bbb8915cfced0bb162c87

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 23:21

Target

0b3a354a25a7936b4f94dcf9119b55dc_JaffaCakes118.dll
Size

476KB
MD5

0b3a354a25a7936b4f94dcf9119b55dc
SHA1

8440a5c88d4087ad0e2b8e3e523960d820bc2a37
SHA256

867bc31be496224955bccdeb5b99cc6d0cfdcce43e3bbb8915cfced0bb162c87
SHA512

c499785a99f741c6e71c07bc1221ef86ce23951731946d4ace04717f317b13340f9b8f6d777ac090db58a19432b76c4a821fe1d3f2ad0b33903eea0fe0d6d3f1
SSDEEP

6144:GkkZZUXmriprBk05Ve2aIc0Pm4PanPN28PXOYSNxQpn6d/ed0SRdATt3XMoDEnER:GhUXEipmD2at0NGe/e2G6ZnDkI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 892	2940	rundll32.exe	88
PID 2940 wrote to memory of 892	2940	rundll32.exe	88
PID 2940 wrote to memory of 892	2940	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3a354a25a7936b4f94dcf9119b55dc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3a354a25a7936b4f94dcf9119b55dc_JaffaCakes118.dll,#1
  2⤵
  PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4404,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:8
1⤵
PID:4928

memory/892-0-0x0000000010000000-0x000000001007B000-memory.dmp

Filesize
492KB

Download