d66da5ddbc4f0028e0216f43ea072cb486086c7ec2bce02397f1f271fe03bf76

Analysis

max time kernel
125s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 18:48

Target

171d46d8be7b1b5992e234b10556f723_JaffaCakes118.dll
Size

448KB
MD5

171d46d8be7b1b5992e234b10556f723
SHA1

173be23c8da4dbe2a1c7203823bcea1adfd71620
SHA256

d66da5ddbc4f0028e0216f43ea072cb486086c7ec2bce02397f1f271fe03bf76
SHA512

fc47baf3a272b376c0b88162bbf19cd3d2d554c2b8b332380c16bced117b9ba192c9c910b9eb40d3861fc5306cfb3086ed79c4476a21f099b1d45516295f475d
SSDEEP

6144:6vb7+nP2u/Oa9AOIN2Oy9AhU0l4+ZGxHBXGjy5olGVslU9EMlT7d:Kb7nJ0y7wAbRUhWjyrlXd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 2060	3740	rundll32.exe	89
PID 3740 wrote to memory of 2060	3740	rundll32.exe	89
PID 3740 wrote to memory of 2060	3740	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\171d46d8be7b1b5992e234b10556f723_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\171d46d8be7b1b5992e234b10556f723_JaffaCakes118.dll,#1
  2⤵
  PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4148,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=1412 /prefetch:8
1⤵
PID:1368