a093015600887c8739d530c63b3e1c1356ba5631c8bb6fdf5fd09c89e064f7da

Analysis

max time kernel
125s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 14:12

Target

0e5f89babb15a5ce7df9419d56eb6cb2_JaffaCakes118.dll
Size

33KB
MD5

0e5f89babb15a5ce7df9419d56eb6cb2
SHA1

aea1a89e41cc6b21ee429d136d84cdc9a4b774ce
SHA256

a093015600887c8739d530c63b3e1c1356ba5631c8bb6fdf5fd09c89e064f7da
SHA512

9a7d3e0511f2cf3900d0b56da168146a07419e7a8be6a63bf7fe4d99f33725cb5e8bb70ed1a2c0b211687abc41dab6637510cd579e27d952c1f26e538027b7ee
SSDEEP

768:H7v1b7TDuSxa/0xyDcl27l5+uMSVOiuGROku9A:Hz1b9a/3A47l5+uVFRFu+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 1460	3260	rundll32.exe	88
PID 3260 wrote to memory of 1460	3260	rundll32.exe	88
PID 3260 wrote to memory of 1460	3260	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e5f89babb15a5ce7df9419d56eb6cb2_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e5f89babb15a5ce7df9419d56eb6cb2_JaffaCakes118.dll,#1
  2⤵
  PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1324,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
1⤵
PID:3212