491ab3b738cf1f7cac011916963709681c24813cf6cd9b19f8a198a5e70aa88f

Analysis

max time kernel
131s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 03:50

Target

0c61d03709e422bc2956c971f81ff232_JaffaCakes118.dll
Size

42KB
MD5

0c61d03709e422bc2956c971f81ff232
SHA1

f1323be1644f78e9378f6ad1382731c78aad9cd9
SHA256

491ab3b738cf1f7cac011916963709681c24813cf6cd9b19f8a198a5e70aa88f
SHA512

79330ee8ca7c4c291bb5c9365b2a5bed129c75fd0a68125ee11575475da7cc3c527fe9eb86c6d32959ef5cb1c092a7eb293734d489513c05d3baadc043c61162
SSDEEP

768:HjjlTmlaLP4E1r/XmR62Nqm/lblVHwlutXkm2rtH9bS973Hxp4PgTL:H9ClaDJ1jdOlyQ6pdbS9rRpR/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3268	4788	rundll32.exe	88
PID 4788 wrote to memory of 3268	4788	rundll32.exe	88
PID 4788 wrote to memory of 3268	4788	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c61d03709e422bc2956c971f81ff232_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c61d03709e422bc2956c971f81ff232_JaffaCakes118.dll,#1
  2⤵
  PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
1⤵
PID:2692

memory/3268-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download