cf6a6b42c3bc2d89573c718844e791d34ebe6376f5adc880bd25316fa2a579a1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 07:52

Target

074a230a5774b87d88b0c587c2dd92c4_JaffaCakes118.dll
Size

330KB
MD5

074a230a5774b87d88b0c587c2dd92c4
SHA1

ad462fba3c4e16ffab73f6b0af30d9efba7bc752
SHA256

cf6a6b42c3bc2d89573c718844e791d34ebe6376f5adc880bd25316fa2a579a1
SHA512

0586000b701929f0e862e0959831b197aa144223887b8c0a0e43d25e5c4799ee951ea7b889e6acc7ffc400fec0653d4f5f37a3d1cc52cafb573200047f70a1ff
SSDEEP

3072:XRq1sFAd2gQ5PmBvNZwnnq1gn2RvoXiDzAYgrO1v2F5j8eFu:Bq1sFAwgwmBv3wnIgG4oAYxvU54eu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 3868	4036	rundll32.exe	91
PID 4036 wrote to memory of 3868	4036	rundll32.exe	91
PID 4036 wrote to memory of 3868	4036	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\074a230a5774b87d88b0c587c2dd92c4_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\074a230a5774b87d88b0c587c2dd92c4_JaffaCakes118.dll,#1
  2⤵
  PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3820 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:4904