1294b108448c2c460ec49a82229bc540d3d822bfc61e4781946a62a9fb449f5d

Analysis

max time kernel
133s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 01:33

Target

184ef575f212c10be6d70b00022d7752_JaffaCakes118.dll
Size

34KB
MD5

184ef575f212c10be6d70b00022d7752
SHA1

3410c7913ba8e6f61e2a52f4aeeb48c283cd8b08
SHA256

1294b108448c2c460ec49a82229bc540d3d822bfc61e4781946a62a9fb449f5d
SHA512

5b85b3ba2064ec20d9bef3994d24c2c6ddfb4595215c312e6d0de03ff12988109bff083f22b3418154d008021b09b72d00e6dd4742e2f703c653fdb9d6ad9f9e
SSDEEP

768:N7mRDL0cgngbMzSJOQc7S/DftqqhnP0RROg5:5mRD7gHzS0d7S/1pMRROC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 4188	1188	rundll32.exe	90
PID 1188 wrote to memory of 4188	1188	rundll32.exe	90
PID 1188 wrote to memory of 4188	1188	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\184ef575f212c10be6d70b00022d7752_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\184ef575f212c10be6d70b00022d7752_JaffaCakes118.dll,#1
  2⤵
  PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1820,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:8
1⤵
PID:2972