2e30cf63772ae5b39f3882fbda1090ab67c019c8aa412b4e4af34fe83ee610b4

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 18:29

Target

1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll
Size

157KB
MD5

1c0e0744ba062a6790447277ddaa24ad
SHA1

9131d98f10f75238405031cb07a3a67fb7c79629
SHA256

2e30cf63772ae5b39f3882fbda1090ab67c019c8aa412b4e4af34fe83ee610b4
SHA512

6d21d3cac2e8e8485907b898b5d152d2877c4eb6159b2fa3159554329fd9e2b5157990404917bc87cfb62240003877276c35bba2cbc213b20705b463e62d146a
SSDEEP

1536:Fspnu4yO4uhHIkraH67KiCf/pbTcCzODi/dTc67cBWW0GmkGFoRdTVOKfmLPj:ypnu4UkokmrTcCzOq4n7SKUb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 4336	2332	rundll32.exe	92
PID 2332 wrote to memory of 4336	2332	rundll32.exe	92
PID 2332 wrote to memory of 4336	2332	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c0e0744ba062a6790447277ddaa24ad_JaffaCakes118.dll,#1
  2⤵
  PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
1⤵
PID:2132

memory/4336-0-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download