162820f2ceac4512c74bc3c1be3d2c33db00e60b1fe69c0713e053648eb598d7

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 07:18

Target

19417198d95160cab5f29054250938cc_JaffaCakes118.dll
Size

339KB
MD5

19417198d95160cab5f29054250938cc
SHA1

369ebbf4d3508dc0c97f2b3d499d8b97f3dac0d9
SHA256

162820f2ceac4512c74bc3c1be3d2c33db00e60b1fe69c0713e053648eb598d7
SHA512

610d939021ad8dd0288a735aa5851b341e7b03a882afb313b688ee1f008a07ba16af60db17210096386f6d49aa938d90996e4ba15780b0a092f30ebde9fa22b8
SSDEEP

6144:CencgD2R+GQqTiO0PZGiPHEEbzXfTHLMHVaXi6yRP7NsVC4S9YJ8lae7j1AHqKwm:CenJFt4iOIGQ4BO+9QKdvlEFh7CM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1520	1100	rundll32.exe	88
PID 1100 wrote to memory of 1520	1100	rundll32.exe	88
PID 1100 wrote to memory of 1520	1100	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19417198d95160cab5f29054250938cc_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19417198d95160cab5f29054250938cc_JaffaCakes118.dll,#1
  2⤵
  PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3848,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:8
1⤵
PID:2152

memory/1520-0-0x0000000002A30000-0x0000000002B30000-memory.dmp

Filesize
1024KB

Download
memory/1520-1-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download