fa42acab904647cec080153e4d77a8880c243d84de82344426f75c44997efecc

Analysis

max time kernel
135s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 06:12

Target

1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll
Size

367KB
MD5

1911858bcd60ebc41d69a1858a9ec4df
SHA1

9f1b1766ec3a17190c9470f3058e5c545f6a6807
SHA256

fa42acab904647cec080153e4d77a8880c243d84de82344426f75c44997efecc
SHA512

4887f094c394da50688303d729b9b551398759e9bee51f2af33a43a3922bb27260ff25b19ded3c7bbe974c73746d1bcace9cacad12744325668054198180b3ed
SSDEEP

6144:75YOb2ONqSVJlhvwUFe8oSFr/Y8RtlXne/PSOdqT1mOrx5OaVVqz:75YBOflfFewfRtG3DQvLbqz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 4488	376	rundll32.exe	95
PID 376 wrote to memory of 4488	376	rundll32.exe	95
PID 376 wrote to memory of 4488	376	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1911858bcd60ebc41d69a1858a9ec4df_JaffaCakes118.dll,#1
  2⤵
  PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1424,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
1⤵
PID:4412

memory/4488-1-0x00000000026B0000-0x00000000027B0000-memory.dmp

Filesize
1024KB

Download
memory/4488-0-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download