0faabb3fd3b02625bd5f7090ae9f01e9f5f1f5494e5d2d30644d5d353ccf15a4

Analysis

max time kernel
125s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 08:22

Target

19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll
Size

29KB
MD5

19708d2f9ba60a82d2d2b6d2cc8bd4ab
SHA1

052f9035bfbea449bc89829807b42c9895d4fd42
SHA256

0faabb3fd3b02625bd5f7090ae9f01e9f5f1f5494e5d2d30644d5d353ccf15a4
SHA512

2f95c2fe96ffa16536d866a5f6bf87991fbbadd67d99015a0302652366c56f728929bc0301dba3ab1150659e77803e9ceb1913e99e7a919e08406fd3d4f780a1
SSDEEP

384:VmFZVcHcvTIh1gmG37nM9/WI8FjKfypzvRzx2OA2kh21YkhqLnh2lct58:sFZVTbO1gmUMp69XpzvRFLYOqLnr58

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 2736	3260	rundll32.exe	88
PID 3260 wrote to memory of 2736	3260	rundll32.exe	88
PID 3260 wrote to memory of 2736	3260	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19708d2f9ba60a82d2d2b6d2cc8bd4ab_JaffaCakes118.dll,#1
  2⤵
  PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1324,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
1⤵
PID:1392