c581d047d157c1e345c642259db23f7d81582b04c881c1aedf5ec270e42f81bd

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/06/2024, 01:13

Target

0692200aa28664f8c6370bf499cfb430_JaffaCakes118.dll
Size

72KB
MD5

0692200aa28664f8c6370bf499cfb430
SHA1

ac5872034db9add662e1de6af0d68848d8d8f840
SHA256

c581d047d157c1e345c642259db23f7d81582b04c881c1aedf5ec270e42f81bd
SHA512

955d09155b14e9f08e58513c3a0bd5f5ba121d7c2c9041cbba551179acb4ed054006303c6a365fddb583f4272b206668a5027dede97c06c8f0e5afca4de6d94c
SSDEEP

768:knaQ46KcdJrLNoGu87dzDUYzAUdRkbbCG3n9N1k1EC11AXElQ3RG6ts:kgc3e+pDZO2G39Tk1z11YGQFs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2876	2696	rundll32.exe	90
PID 2696 wrote to memory of 2876	2696	rundll32.exe	90
PID 2696 wrote to memory of 2876	2696	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0692200aa28664f8c6370bf499cfb430_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0692200aa28664f8c6370bf499cfb430_JaffaCakes118.dll,#1
  2⤵
  PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3128