83c965a03e6480c464f32ae1d03de97d72e8690576b96a681e548f3568fd50f5

Analysis

max time kernel
137s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 19:02

Target

1c2542f2238d154d68adcd4bd2a21c37_JaffaCakes118.dll
Size

28KB
MD5

1c2542f2238d154d68adcd4bd2a21c37
SHA1

6a7f9cb0918be871424bf9e5b200f02770525f5f
SHA256

83c965a03e6480c464f32ae1d03de97d72e8690576b96a681e548f3568fd50f5
SHA512

1873de6bef6cf82136b35ec75a657e913fa7155f566d60fcad7c59f05537f68b752955142386b0d34b30382ba1898bd06e88699ab64a6544f6c25279a4f940e4
SSDEEP

384:hGATncNBi3BhiyVy5PIKPw/iPxQYOK77t:bQB95PIKPw/iPxhOKl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 2380	3704	rundll32.exe	90
PID 3704 wrote to memory of 2380	3704	rundll32.exe	90
PID 3704 wrote to memory of 2380	3704	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c2542f2238d154d68adcd4bd2a21c37_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c2542f2238d154d68adcd4bd2a21c37_JaffaCakes118.dll,#1
  2⤵
  PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4132,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:8
1⤵
PID:412