ae8aefb3b29f9c2366fdddb024c4ef0365e583deba40160b230e583e6a5383b0

Analysis

max time kernel
132s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 08:24

Target

25443f68b118cd95c17f04ceb908b224_JaffaCakes118.dll
Size

24KB
MD5

25443f68b118cd95c17f04ceb908b224
SHA1

6bae103700856cfd2e14aea8d76836d4857c6165
SHA256

ae8aefb3b29f9c2366fdddb024c4ef0365e583deba40160b230e583e6a5383b0
SHA512

70868061bfb9d87093e204a98786474567d3c1e143ff49c8dab285626476ba5aad787e2885f7025ed8d7b066579a70f0be2aeba3451e12ddd75f72d6f93cd460
SSDEEP

192:AcptBpwZ2kKsD0ouVp4cHkl5vgaYH1xypnotiYotiz6fnuKh4lTfWKI:AYpwAjsIZpBHkjg91xye6fOTfWK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 3576	512	rundll32.exe	90
PID 512 wrote to memory of 3576	512	rundll32.exe	90
PID 512 wrote to memory of 3576	512	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\25443f68b118cd95c17f04ceb908b224_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\25443f68b118cd95c17f04ceb908b224_JaffaCakes118.dll,#1
  2⤵
  PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4236,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:8
1⤵
PID:908