146a33b5fc52f931495a529bb1258b178a604d387dbbcb7402c12c47ead998dc

Analysis

max time kernel
125s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 03:27

Target

2ed6220aafa0f26e3c3bedff77b2f65f_JaffaCakes118.dll
Size

1.1MB
MD5

2ed6220aafa0f26e3c3bedff77b2f65f
SHA1

7d0075fb4ceb157f1607bbe90b523af077538fb2
SHA256

146a33b5fc52f931495a529bb1258b178a604d387dbbcb7402c12c47ead998dc
SHA512

f7b4d26bb618c4885742c7288a48e60da32187922911f3203596aa43c66a64d3d4eb260c99022f060252a6d760376d86f90567086b964f81dd0d49dc281914e8
SSDEEP

12288:mmlMKCLrNZZCT/aCfq+6dlSy7p22xnTxbTi:RWc5fWOy7JxnV3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 1692	1916	rundll32.exe	89
PID 1916 wrote to memory of 1692	1916	rundll32.exe	89
PID 1916 wrote to memory of 1692	1916	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ed6220aafa0f26e3c3bedff77b2f65f_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ed6220aafa0f26e3c3bedff77b2f65f_JaffaCakes118.dll,#1
  2⤵
  PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4372,i,5028538196072658126,13960315633709835247,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
1⤵
PID:1940

memory/1692-0-0x000000007C800000-0x000000007C91F000-memory.dmp

Filesize
1.1MB

Download