ebbd0f83b154e3c9228ba2f2e4dae63ec3b74269a3cb1e8d04b8c3498dc2d9b8

Analysis

max time kernel
121s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 20:57

Target

262efd4fb196da2c9679675e63e39049_JaffaCakes118.dll
Size

232KB
MD5

262efd4fb196da2c9679675e63e39049
SHA1

23031c2bc7a52256c5861b1767d607d810efb174
SHA256

ebbd0f83b154e3c9228ba2f2e4dae63ec3b74269a3cb1e8d04b8c3498dc2d9b8
SHA512

3b32f15aa2283af2656c639f34948117bdd2be00eee5db3ef3f75d84d85e67fdeac1af1e4892429365836a4ffddea0585bf67fc6ceea16607be7ad1ff3b1e08e
SSDEEP

3072:FonyEOEDCU8sLbHwhVB81SlX9aFlCi2EEgyjf88D9BCZWbEh05t:Fo5OVfsLc1l4FSEEFf88RAcm03

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 4460	2220	rundll32.exe	87
PID 2220 wrote to memory of 4460	2220	rundll32.exe	87
PID 2220 wrote to memory of 4460	2220	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\262efd4fb196da2c9679675e63e39049_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\262efd4fb196da2c9679675e63e39049_JaffaCakes118.dll,#1
  2⤵
  PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4320,i,17211346206607097582,14783440229797954268,262144 --variations-seed-version --mojo-platform-channel-handle=1280 /prefetch:8
1⤵
PID:1016