9d6ce232694fe7fe272db5ab7779c94f88e66366cf680d58b9337d223b903da2

Analysis

max time kernel
125s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 05:12

Target

2b19010bf9e7e48fca676f44b6079a7c_JaffaCakes118.dll
Size

26KB
MD5

2b19010bf9e7e48fca676f44b6079a7c
SHA1

a434f7d9c02ba1cf3ba7a98b78fc81e1c7520ee1
SHA256

9d6ce232694fe7fe272db5ab7779c94f88e66366cf680d58b9337d223b903da2
SHA512

eebbeb94d532787dd1dfea21500e2fd86bc63d8643808ccd08ee525a5bac5fb75cbe83716c5846282c216262797b4b413be0da1fa812b2a52ecb437c4c690afe
SSDEEP

384:N+lB56BZJJRV0I0jd6iBtu8AedaV4aK5w2zSNOSquBBQARQkpuuibRVmTq0:N+P5IJHVeNaKEftBBQARQkp6bRVmT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 264	1728	rundll32.exe	89
PID 1728 wrote to memory of 264	1728	rundll32.exe	89
PID 1728 wrote to memory of 264	1728	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b19010bf9e7e48fca676f44b6079a7c_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b19010bf9e7e48fca676f44b6079a7c_JaffaCakes118.dll,#1
  2⤵
  PID:264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,384704133665252524,7723904513810765818,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
1⤵
PID:4504