f50cd03a06c4f359eb5d3f88b1c56a601d410e79557f9fd3e168806d7561b4b1

Analysis

max time kernel
140s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 14:43

Target

2cbbaa1731999087c182c1630f07ae92_JaffaCakes118.dll
Size

120KB
MD5

2cbbaa1731999087c182c1630f07ae92
SHA1

5b4ec12f8f9dd8161e641941732606e545685d2f
SHA256

f50cd03a06c4f359eb5d3f88b1c56a601d410e79557f9fd3e168806d7561b4b1
SHA512

f6708b4ea75f8ee83f14fa7ae353eb7c8a88c056694239b66c251fe414f7954dfe10c6ca8c2cb204b74b314077352c2702a654dd4be53458de02c8ff1499909d
SSDEEP

3072:jcNoX9Zfcq6NDl9I3Xy7j8OSXt3QzEjXOnpMbC0w1c3Pwg4u:ImX7Eq+A3GopQzEjYOq18/4u

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 1488	1128	rundll32.exe	89
PID 1128 wrote to memory of 1488	1128	rundll32.exe	89
PID 1128 wrote to memory of 1488	1128	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbbaa1731999087c182c1630f07ae92_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cbbaa1731999087c182c1630f07ae92_JaffaCakes118.dll,#1
  2⤵
  PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4048,i,15168044379859864039,3380316340477469860,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8
1⤵
PID:3608

memory/1488-0-0x0000000000C20000-0x0000000000C2B000-memory.dmp

Filesize
44KB

Download
memory/1488-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/1488-7-0x0000000000C20000-0x0000000000C2B000-memory.dmp

Filesize
44KB

Download