2d18728c844f838236422ae4a494cee2a4935558980ba015e7bce5d0e60543ac

Analysis

max time kernel
126s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 11:08

Target

2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll
Size

72KB
MD5

2c18a324aeced6427791f27fb34db921
SHA1

6e8b9d3f5edfd531d898388d36cd52b1fc44a1dc
SHA256

2d18728c844f838236422ae4a494cee2a4935558980ba015e7bce5d0e60543ac
SHA512

ae13b80df50c982c2e2c296f01733f7206a360d7ac11c2dcfbca628b535a0595e38d09961f8a2ab9193670a9bad90896c3928da1c7061285165d2479410184b2
SSDEEP

1536:WmVX3h8CzZ5eE9qHfxGsPTupNY3qWZT6+GEZ18bYkgjxo8H4rMFM:/n3zZ59aZZTt5jxo8YrMG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1544	5044	rundll32.exe	89
PID 5044 wrote to memory of 1544	5044	rundll32.exe	89
PID 5044 wrote to memory of 1544	5044	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c18a324aeced6427791f27fb34db921_JaffaCakes118.dll,#1
  2⤵
  PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4288,i,15168044379859864039,3380316340477469860,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8
1⤵
PID:1252